diff options
Diffstat (limited to 'config')
108 files changed, 2407 insertions, 588 deletions
diff --git a/config/apcupsd/apcupsd.conf.php b/config/apcupsd/apcupsd.conf.php index 7a0340cd..7b6096bc 100644 --- a/config/apcupsd/apcupsd.conf.php +++ b/config/apcupsd/apcupsd.conf.php @@ -122,7 +122,7 @@ POLLTIME {$polltime} # LOCKFILE <path to lockfile> # Path for device lock file. Not used on Win32. -LOCKFILE /var/spool/lock +LOCKFILE {$lockfile} # SCRIPTDIR <path to script directory> # Directory in which apccontrol and event scripts are located. diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc index a2b8d2ff..3340738a 100644 --- a/config/apcupsd/apcupsd.inc +++ b/config/apcupsd/apcupsd.inc @@ -153,6 +153,7 @@ function sync_package_apcupsd(){ $nisport=($apcupsd_config['nisport'] != ''? $apcupsd_config['nisport'] : "3551"); $upsclass=$apcupsd_config['upsclass']; $upsmode=$apcupsd_config['upsmode']; + $lockfile=($apcupsd_config['lockfile'] != ''? $apcupsd_config['lockfile'] : "/var/tmp"); include("/usr/local/pkg/apcupsd.conf.php"); file_put_contents(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf", $apcupsdconf, LOCK_EX); @@ -163,6 +164,12 @@ function sync_package_apcupsd(){ $apcupsd_rcfile="/usr/local/etc/rc.d/apcupsd.sh"; if (is_array($apcupsd_config) && $apcupsd_config['apcupsdenabled']=="on"){ $apcupsd_start = "echo \"Starting APC UPS Daemon...\"\n"; + $apcupsd_start .= " if [ ! -d {$lockfile} ]; then \n"; + $apcupsd_start .= " /bin/mkdir -p {$lockfile} \n"; + $apcupsd_start .= " fi \n"; + $apcupsd_start .= " if [ -f {$lockfile}/LCK.. ]; then \n"; + $apcupsd_start .= " /bin/rm -f {$lockfile}/LCK.. \n"; + $apcupsd_start .= " fi \n"; if ($apcupsd_config['killonpowerfail']=="on"){ $apcupsd_start .= " " . APCUPSD_BASE . "/sbin/apcupsd --kill-on-powerfail"; }else{ diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml index e69344fc..3ed95a7a 100644 --- a/config/apcupsd/apcupsd.xml +++ b/config/apcupsd/apcupsd.xml @@ -40,7 +40,7 @@ <name>Apcupsd</name> <title>Services: Apcupsd (General)</title> <category>Monitoring</category> - <version>0.2</version> + <version>0.3</version> <include_file>/usr/local/pkg/apcupsd.inc</include_file> <addedit_string>Apcupsd has been created/modified.</addedit_string> <delete_string>Apcupsd has been deleted.</delete_string> @@ -198,6 +198,13 @@ UPSTYPE DEVICE Description <br> <type>checkbox</type> </field> <field> + <fielddescr>Lock File</fielddescr> + <fieldname>lockfile</fieldname> + <description>Path for device lock file. Default is /var/tmp</description> + <type>input</type> + <size>60</size> + </field> + <field> <name>Configuration parameters used during power failures</name> <type>listtopic</type> </field> diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 313cc1ac..f67191ae 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -40,7 +40,7 @@ if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.php")) unlink("/usr/local/pkg/parse_config/parse_config_upload.php"); /* ensures patches match */ -function custom_php_validation_command($post, $input_errors) { +function custom_php_validation_command($post, &$input_errors) { global $_POST, $savemsg, $config; if($post['password'] <> $post['passwordagain']) diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml index 0d324d8a..1e5d44c1 100644 --- a/config/autoconfigbackup/autoconfigbackup.xml +++ b/config/autoconfigbackup/autoconfigbackup.xml @@ -37,7 +37,7 @@ <description>Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires Gold or Support Subscription from https://portal.pfsense.org</description> <requirements>pfSense Portal subscription</requirements> <name>AutoConfigBackup</name> - <version>1.22</version> + <version>1.24</version> <title>Diagnostics: Auto Configuration Backup</title> <savetext>Change</savetext> <include_file>/usr/local/pkg/autoconfigbackup.inc</include_file> @@ -140,7 +140,7 @@ </field> </fields> <custom_php_validation_command> - custom_php_validation_command($_POST, &$input_errors); + custom_php_validation_command($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> <![CDATA[ diff --git a/config/blinkled8/blinkled.inc b/config/blinkled8/blinkled.inc index f466da94..6d0da039 100644 --- a/config/blinkled8/blinkled.inc +++ b/config/blinkled8/blinkled.inc @@ -69,7 +69,7 @@ function blinkled_stop() { mwexec("/usr/bin/killall -9 blinkled"); } -function validate_form_blinkled($post, $input_errors) { +function validate_form_blinkled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['iface_led2']) && ($post['iface_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml index 475e88fc..932d0b0e 100644 --- a/config/blinkled8/blinkled.xml +++ b/config/blinkled8/blinkled.xml @@ -2,7 +2,7 @@ <packagegui> <title>Interfaces: Assign LEDs</title> <name>blinkled</name> - <version>0.4</version> + <version>0.4.1</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/blinkled.inc</include_file> <menu> @@ -61,7 +61,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_blinkled($_POST, &$input_errors); + validate_form_blinkled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_blinkled(); diff --git a/config/countryblock/countryblock.inc b/config/countryblock/countryblock.inc index 5451b4bf..dc7bffd3 100644 --- a/config/countryblock/countryblock.inc +++ b/config/countryblock/countryblock.inc @@ -139,7 +139,7 @@ function deinstall_command_cb() exec("rm /usr/local/pkg/pf/countryblock.sh"); exec("pfctl -t countryblock -T kill"); exec("sed -i -e '/countryblock/d' /tmp/rules.debug"); - exec("pfctl -o basic -f /tmp/rules.debug"); + exec("pfctl -f /tmp/rules.debug"); conf_mount_ro(); } diff --git a/config/gwled/gwled.inc b/config/gwled/gwled.inc index 7bb25147..dad6fe69 100644 --- a/config/gwled/gwled.inc +++ b/config/gwled/gwled.inc @@ -36,7 +36,7 @@ function gwled_stop() { exec("/bin/pkill -9 -f gwled"); } -function validate_form_gwled($post, $input_errors) { +function validate_form_gwled($post, &$input_errors) { /* Make sure both aren't using the same interface */ if (($post['gw_led2']) && ($post['gw_led3']) && (($post['enable_led2']) && ($post['enable_led3'])) && diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml index 4237454b..015ab3bb 100644 --- a/config/gwled/gwled.xml +++ b/config/gwled/gwled.xml @@ -66,7 +66,7 @@ </field> </fields> <custom_php_validation_command> - validate_form_gwled($_POST, &$input_errors); + validate_form_gwled($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_gwled(); diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 29a109ba..f6e37a3b 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -234,11 +234,11 @@ function havp_deinstall() # ============================================================================== # before form # ------------------------------------------------------------------------------ -function havp_before_form($pkg) +function havp_before_form(&$pkg) { } # ------------------------------------------------------------------------------ -function havp_fscan_before_form($pkg) +function havp_fscan_before_form(&$pkg) { if(is_array($pkg['fields']['field'])) { foreach($pkg['fields']['field'] as $key => $field) { @@ -252,7 +252,7 @@ function havp_fscan_before_form($pkg) # ------------------------------------------------------------------------------ # validation # ------------------------------------------------------------------------------ -function havp_validate_settings($post, $input_errors) +function havp_validate_settings($post, &$input_errors) { $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit']; diff --git a/config/havp/havp.xml b/config/havp/havp.xml index 1e50eb5e..47611030 100644 --- a/config/havp/havp.xml +++ b/config/havp/havp.xml @@ -3,7 +3,7 @@ <name>havp</name> <title>Antivirus: HTTP proxy (havp + clamav)</title> <category>Status</category> - <version>0.88_03</version> + <version>1.02</version> <include_file>/usr/local/pkg/havp.inc</include_file> <menu> <name>Antivirus</name> @@ -288,10 +288,10 @@ </field> </fields> <custom_php_command_before_form> - havp_before_form(&$pkg); + havp_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_resync(); diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml index 3cea9b76..3d4372f4 100644 --- a/config/havp/havp_avset.xml +++ b/config/havp/havp_avset.xml @@ -92,10 +92,10 @@ </field> </fields> <custom_php_command_before_form> - havp_before_form(&$pkg); + havp_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> havp_avset_resync(); diff --git a/config/havp/havp_fscan.xml b/config/havp/havp_fscan.xml index 1f0ca8dc..91dce25c 100644 --- a/config/havp/havp_fscan.xml +++ b/config/havp/havp_fscan.xml @@ -36,10 +36,10 @@ </field> </fields> <custom_php_command_before_form> - havp_fscan_before_form(&$pkg); + havp_fscan_before_form($pkg); </custom_php_command_before_form> <custom_php_validation_command> - havp_validate_settings($_POST, &$input_errors); + havp_validate_settings($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> </custom_php_resync_config_command> diff --git a/config/mailreport/mail_reports.inc b/config/mailreport/mail_reports.inc index aa2bc3ce..5d9e74b2 100644 --- a/config/mailreport/mail_reports.inc +++ b/config/mailreport/mail_reports.inc @@ -240,7 +240,9 @@ function mail_report_generate_graph($database, $style, $graph, $start, $end) { require_once("filter.inc"); require_once("shaper.inc"); require_once("rrd.inc"); + require_once("util.inc"); global $g; + $g['theme'] = get_current_theme(); $pgtitle = array(gettext("System"),gettext("RRD Graphs"),gettext("Image viewer")); diff --git a/config/mailreport/mailreport.xml b/config/mailreport/mailreport.xml index fe0b98b6..fe6899d4 100644 --- a/config/mailreport/mailreport.xml +++ b/config/mailreport/mailreport.xml @@ -37,7 +37,7 @@ ]]> </copyright> <name>mailreport</name> - <version>2.0.10</version> + <version>2.0.11</version> <title>Status: Email Reports</title> <additional_files_needed> <prefix>/usr/local/bin/</prefix> diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc index 18708159..272f27ef 100644 --- a/config/nmap/nmap.inc +++ b/config/nmap/nmap.inc @@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -function nmap_custom_php_validation_command($post, $input_errors) { +function nmap_custom_php_validation_command($post, & $input_errors) { global $_POST, $savemsg, $config; if (empty($_POST['hostname'])) { $input_errors[] = gettext("You must enter an IP address to scan."); diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml index 4034222a..b07b3982 100644 --- a/config/nmap/nmap.xml +++ b/config/nmap/nmap.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>nmap</name> - <version>6.01</version> + <version>6.40_2 pkg v1.2.1</version> <title>Diagnostics: NMap</title> <savetext>Scan</savetext> <preoutput>yes</preoutput> @@ -120,6 +120,6 @@ nmap_custom_add_php_command(); </custom_add_php_command> <custom_php_validation_command> - nmap_custom_php_validation_command($_POST, &$input_errors); + nmap_custom_php_validation_command($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/nut/nut.inc b/config/nut/nut.inc index 793e24fd..11fb4b26 100644 --- a/config/nut/nut.inc +++ b/config/nut/nut.inc @@ -97,7 +97,7 @@ return true; } - function before_form_nut($pkg) { + function before_form_nut(&$pkg) { /* return available serial ports */ $serial_types = array("sio", "cua", "tty"); @@ -136,7 +136,7 @@ $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]); } - function validate_form_nut($post, $input_errors) { + function validate_form_nut($post, &$input_errors) { global $config; /* monitor remote validation */ diff --git a/config/nut/nut.xml b/config/nut/nut.xml index b78c9dba..210d7b82 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>nut</name> - <version>2.6.4 pkg 2.0</version> + <version>2.6.5_1 pkg 2.0.1</version> <title>Services: NUT</title> <savetext>Change</savetext> <aftersaveredirect>/status_nut.php</aftersaveredirect> @@ -646,10 +646,10 @@ </field> </fields> <custom_php_command_before_form> - before_form_nut(&$pkg); + before_form_nut($pkg); </custom_php_command_before_form> <custom_php_validation_command> - validate_form_nut($_POST, &$input_errors); + validate_form_nut($_POST, $input_errors); </custom_php_validation_command> <custom_php_resync_config_command> sync_package_nut(); diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index af7d1199..1a34c260 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -236,7 +236,8 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys if (!empty($proxy)) { if ($proxy['proxy_type'] == "http") { - if ($proto == "udp") { + + if (strtoupper(substr($settings['protocol'], 0, 3)) == "UDP") { $input_errors[] = "This server uses UDP protocol and cannot communicate with HTTP proxy."; return; } @@ -344,7 +345,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys $conf .= "management-hold{$nl}"; $conf .= "# query management channel for user/pass{$nl}"; $conf .= "management-query-passwords{$nl}"; - $conf .= "# disconnect VPN when managment program connection is closed{$nl}"; + $conf .= "# disconnect VPN when management program connection is closed{$nl}"; $conf .= "management-signal{$nl}"; $conf .= "# forget password when management disconnects{$nl}"; $conf .= "management-forget-disconnect{$nl}"; @@ -629,7 +630,7 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead file_put_contents("{$tempdir}/{$proxy['passwdfile']}", $pwdfle); } - $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, false, true, $openvpnmanager, $advancedoptions); + $conf = openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifyservercn, $randomlocalport, $usetoken, true, $proxy, "baseconf", $outpass, true, true, $openvpnmanager, $advancedoptions); if (!$conf) return false; @@ -733,7 +734,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco } else { if (!$interface) $interface = "wan"; - $server_host = get_interface_ip($interface); + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + $server_host = get_interface_ipv6($interface); + else + $server_host = get_interface_ip($interface); } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; @@ -742,7 +746,10 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco $server_host = $useaddr; $server_port = $settings['local_port']; - $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp-client"); + + $proto = strtolower($settings['protocol']); + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + $proto .= "-client"; $cipher = $settings['crypto']; $digest = !empty($settings['digest']) ? $settings['digest'] : "SHA1"; @@ -837,7 +844,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac } else { if (!$interface || ($interface == "any")) $interface = "wan"; - $server_host = get_interface_ip($interface); + if (in_array(strtolower($settings['protocol']), array("udp6", "tcp6"))) + $server_host = get_interface_ipv6($interface); + else + $server_host = get_interface_ip($interface); } } else if ($useaddr == "serverhostname" || empty($useaddr)) { $server_host = empty($config['system']['hostname']) ? "" : "{$config['system']['hostname']}."; @@ -845,7 +855,10 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac } else $server_host = $useaddr; - $proto = (strtoupper($settings['protocol']) == 'UDP' ? 'udp' : "tcp"); + $proto = strtolower($settings['protocol']); + if (strtolower(substr($settings['protocol'], 0, 3)) == "tcp") + $proto .= "-client"; + if (($expformat == "inlineios") && ($proto == "tcp-client")) $proto = "tcp"; @@ -867,6 +880,9 @@ function openvpn_client_export_find_port_forwards($targetip, $targetport, $targe filter_generate_optcfg_array(); $destinations = array(); + if (!is_array($config['nat']) || !is_array($config['nat']['rule'])) + return $destinations; + foreach ($config['nat']['rule'] as $natent) { $dest = array(); if (!isset($natent['disabled']) diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index f8513387..a6a46649 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.2.4</version> + <version>1.2.9</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/pfflowd.xml b/config/pfflowd.xml index f8552189..2470e2b2 100644 --- a/config/pfflowd.xml +++ b/config/pfflowd.xml @@ -1,6 +1,6 @@ <packagegui> <name>pfflowd</name> - <version>0.8</version> + <version>0.8.3 pkg v1.0.1</version> <title>pfflowd: Settings</title> <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&id=0</aftersaveredirect> <menu> @@ -109,7 +109,7 @@ config_unlock(); } - function validate_form_pfflowd($post, $input_errors) { + function validate_form_pfflowd($post, &$input_errors) { if(($post['host'] == "") || !is_ipaddr($post['host'])) $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; if(($post['port'] == "") || !is_port($post['port'])) @@ -135,7 +135,7 @@ sync_package_pfflowd(); </custom_php_resync_config_command> <custom_php_validation_command> - validate_form_pfflowd($_POST, &$input_errors); + validate_form_pfflowd($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> cleanup_config_pfflowd(); diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php index 920fd1bb..bd4d4442 100644 --- a/config/servicewatchdog/services_servicewatchdog.php +++ b/config/servicewatchdog/services_servicewatchdog.php @@ -56,8 +56,33 @@ if ($_GET['act'] == "del") { servicewatchdog_cron_job(); write_config(); header("Location: services_servicewatchdog.php"); - exit; + return; + } +} + +if (isset($_POST['Update'])) { + /* update selected services */ + if (is_array($_POST['notifies']) && count($_POST['notifies'])) { + /* Check each service and set the notify flag only for those chosen, remove those that are unset. */ + foreach ($a_pwservices as $idx => $thisservice) { + if (!is_array($thisservice)) + continue; + if (in_array($idx, $_POST['notifies'])) { + $a_pwservices[$idx]['notify'] = true; + } else { + if (isset($a_pwservices[$idx]['notify'])) + unset($a_pwservices[$idx]['notify']); + } + } + } else { /* No notifies selected, remove them all. */ + foreach ($a_pwservices as $idx => $thisservice) { + unset($a_pwservices[$idx]['notify']); + } } + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + return; } if (isset($_POST['del_x'])) { @@ -69,7 +94,7 @@ if (isset($_POST['del_x'])) { servicewatchdog_cron_job(); write_config(); header("Location: services_servicewatchdog.php"); - exit; + return; } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ @@ -141,6 +166,7 @@ include("head.inc"); </td></tr> <tr id="frheader"> <td width="5%" class="list"> </td> +<td width="5%" class="listhdrr">Notify</td> <td width="30%" class="listhdrr"><?=gettext("Service Name");?></td> <td width="60%" class="listhdrr"><?=gettext("Description");?></td> <td width="5%" class="list"> @@ -164,7 +190,8 @@ foreach ($a_pwservices as $thisservice): ?> <tr valign="top" id="fr<?=$nservices;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> - <td class="listlr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <td class="listlr"><input type="checkbox" id="notify<?=$nservices;?>" name="notifies[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;" <?PHP if (isset($thisservice['notify'])) echo 'checked="CHECKED"';?>/></td> + <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> <?=$thisservice['name'];?> </td> <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> @@ -180,7 +207,7 @@ foreach ($a_pwservices as $thisservice): </td></tr> <?php $i++; $nservices++; endforeach; ?> <tr> - <td class="list" colspan="3"></td> + <td class="list" colspan="4"></td> <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="1" summary="add"> <tr> @@ -199,7 +226,14 @@ foreach ($a_pwservices as $thisservice): </table> </td> </tr> - <tr><td></td><td colspan="3"> + <tr><td></td><td colspan="4"> + <?php echo gettext("Check Notify next to services to perform an e-mail notification when the service is restarted. Configure e-mail notifications to receive the alerts."); ?> + <br/> + <input name="Update" type="submit" class="formbtn" value="<?=gettext("Update Notification Settings"); ?>" /> + <br/> + <br/> + </td><td></td></tr> + <tr><td></td><td colspan="4"> <?php echo gettext("Click to select a service and use the arrows to re-order them in the list. Higher services are checked first."); ?> </td><td></td></tr> </table> diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc index 696e570e..5b638836 100644 --- a/config/servicewatchdog/servicewatchdog.inc +++ b/config/servicewatchdog/servicewatchdog.inc @@ -3,6 +3,7 @@ require_once("config.inc"); require_once("services.inc"); require_once("service-utils.inc"); require_once("util.inc"); +require_once("notices.inc"); function servicewatchdog_service_matches($svc1, $svc2) { /* If the arrays are equal, it must be the same service. */ @@ -74,7 +75,10 @@ function servicewatchdog_check_services() { foreach ($a_pwservices as $svc) { if (!get_service_status($svc)) { $descr = strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description']; - log_error("Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"); + $error_message = "Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"; + log_error($error_message); + if (isset($svc['notify'])) + notify_via_smtp($error_message); service_control_start($svc['name'], $svc); } } diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml index e66f878d..685ba997 100644 --- a/config/servicewatchdog/servicewatchdog.xml +++ b/config/servicewatchdog/servicewatchdog.xml @@ -40,7 +40,7 @@ <requirements>None</requirements> <faq>Monitors for stopped services and restarts them.</faq> <name>Service Watchdog</name> - <version>1.5</version> + <version>1.6</version> <title>Services: Service Watchdog</title> <include_file>/usr/local/pkg/servicewatchdog.inc</include_file> <menu> diff --git a/config/siproxd.inc b/config/siproxd.inc index a34f5b34..7e72c868 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -270,7 +270,7 @@ function sync_package_siproxd() { } -function validate_form_siproxd($post, $input_errors) { +function validate_form_siproxd($post, &$input_errors) { if ($post['port'] && !is_port($post['port'])) $input_errors[] = 'Invalid port entered for "Listening Port"'; if ($post['rtplower'] && !is_port($post['rtplower'])) diff --git a/config/siproxd.xml b/config/siproxd.xml index d989f964..27d00f32 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -37,7 +37,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>siproxdsettings</name> - <version>0.5.13_pfs2</version> + <version>0.8.0_2 pkg v1.0.1</version> <title>siproxd: Settings</title> <include_file>/usr/local/pkg/siproxd.inc</include_file> <aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&id=0</aftersaveredirect> @@ -339,6 +339,6 @@ </custom_php_resync_config_command> <filter_rules_needed>siproxd_generate_rules</filter_rules_needed> <custom_php_validation_command> - validate_form_siproxd($_POST, &$input_errors); + validate_form_siproxd($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 1c9c5cd6..c0c5756c 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -53,9 +53,11 @@ $snort_version = $snortver[0]; if (empty($snort_version)) $snort_version = "2.9.6.0"; -/* package version */ -$pfSense_snort_version = "3.0.5"; -$snort_package_version = "Snort {$snort_version} pkg v{$pfSense_snort_version}"; +/* Used to indicate latest version of this include file has been loaded */ +$pfSense_snort_version = "3.0.8"; + +/* get installed package version for display */ +$snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; // Define SNORTDIR and SNORTLIBDIR constants according to pfSense version $pfs_version=substr(trim(file_get_contents("/etc/version")),0,3); @@ -648,7 +650,7 @@ function snort_post_delete_logs($snort_uuid = 0) { /* Clean-up stats file if enabled */ if ($value['perform_stat'] == 'on') - file_put_contents("{$snort_log_dir}/{$if_real}.stats", ""); + @file_put_contents("{$snort_log_dir}/{$if_real}.stats", ""); } } } @@ -753,8 +755,15 @@ function snort_rm_blocked_install_cron($should_install) { $snort_rm_blocked_expire = "2419200"; } - $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; - install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); + // First remove any existing "expiretable" jobs for Snort. + install_cron_job("snort2c", false); + + // Now either install the new or updated cron job, + // or return if "rm_blocked" is disabled + if ($should_install) { + $command = "/usr/bin/nice -n20 /usr/local/sbin/expiretable -t $snort_rm_blocked_expire snort2c"; + install_cron_job($command, $should_install, $snort_rm_blocked_min, $snort_rm_blocked_hr, $snort_rm_blocked_mday, $snort_rm_blocked_month, $snort_rm_blocked_wday, "root"); + } } /* func to install snort update */ @@ -1628,7 +1637,7 @@ function snort_write_enforcing_rules_file($rule_map, $rule_path) { /* If the $rule_map array is empty, then exit. */ if (empty($rule_map)) { - file_put_contents($rule_file, ""); + @file_put_contents($rule_file, ""); return; } @@ -1984,10 +1993,13 @@ function snort_generate_barnyard2_conf($snortcfg, $if_real) { if ($snortcfg['barnyard_mysql_enable'] == 'on') { $by2_dbpwd = base64_decode($snortcfg['barnyard_dbpwd']); $snortbarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: log, mysql, "; - if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0) - $snortbarnyardlog_output_plugins .= "sensor_name={$snortcfg['barnyard_sensor_name']}, "; $snortbarnyardlog_output_plugins .= "user={$snortcfg['barnyard_dbuser']} password={$by2_dbpwd} "; - $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}\n\n"; + $snortbarnyardlog_output_plugins .= "dbname={$snortcfg['barnyard_dbname']} host={$snortcfg['barnyard_dbhost']}"; + if (isset($snortcfg['barnyard_sensor_name']) && strlen($snortcfg['barnyard_sensor_name']) > 0) + $snortbarnyardlog_output_plugins .= " sensor_name={$snortcfg['barnyard_sensor_name']}"; + if ($snortcfg['barnyard_disable_sig_ref_tbl'] == 'on') + $snortbarnyardlog_output_plugins .= " disable_signature_reference_table"; + $snortbarnyardlog_output_plugins .= "\n\n"; } if ($snortcfg['barnyard_syslog_enable'] == 'on') { $snortbarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\noutput alert_syslog_full: "; @@ -2109,7 +2121,7 @@ function snort_deinstall() { } } $config['widgets']['sequence'] = implode(",", $widgetlist); - write_config(); + write_config("Snort pkg: remove Snort Dashboard Widget on package deinstall."); } /* See if we are to clear blocked hosts on uninstall */ @@ -2199,7 +2211,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { $sd_tmp_new_file=""; foreach ($sd_tmp_file as $sd_tmp_line) $sd_tmp_new_file.=preg_match("/$sdf_alert_pattern/i",$sd_tmp_line) ? $sd_tmp_line : ""; - file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); + @file_put_contents("{$snortcfgdir}/preproc_rules/sensitive-data.rules",$sd_tmp_new_file,LOCK_EX); } } elseif ($snortcfg['sensitive_data'] != 'on' && $snortcfg['protect_preproc_rules'] != 'on') { @@ -3541,7 +3553,7 @@ EOD; // Check for and configure Host Attribute Table if enabled $host_attrib_config = ""; if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribute_data'])) { - file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); + @file_put_contents("{$snortcfgdir}/host_attributes", base64_decode($snortcfg['host_attribute_data'])); $host_attrib_config = "# Host Attribute Table #\n"; $host_attrib_config .= "attribute_table filename {$snortcfgdir}/host_attributes\n"; if (!empty($snortcfg['max_attribute_hosts'])) @@ -3778,7 +3790,7 @@ output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,src EOD; // Write out snort.conf file - file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); + @file_put_contents("{$snortcfgdir}/snort.conf", $snort_conf_text); conf_mount_ro(); unset($snort_conf_text, $selected_rules_sections, $suppress_file_name, $snort_misc_include_rules, $spoink_type, $snortunifiedlog_type, $alertsystemlog_type); unset($home_net, $external_net, $ipvardef, $portvardef); diff --git a/config/snort/snort.xml b/config/snort/snort.xml index d391d397..ca99accf 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> <version>2.9.6.0</version> - <title>Services:2.9.6.0 pkg v3.0.5</title> + <title>Services:2.9.6.0 pkg v3.0.8</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> @@ -269,7 +269,7 @@ </custom_add_php_command> <custom_php_resync_config_command> <![CDATA[ - if ($GLOBALS['pfSense_snort_version'] == "3.0.5") + if ($GLOBALS['pfSense_snort_version'] == "3.0.8") sync_snort_package_config(); ]]> </custom_php_resync_config_command> diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php index 998cd061..45443ec2 100755 --- a/config/snort/snort_alerts.php +++ b/config/snort/snort_alerts.php @@ -99,11 +99,13 @@ function snort_add_supplist_entry($suppress) { $a_suppress[] = $s_list; $a_instance[$instanceid]['suppresslistname'] = $s_list['name']; $found_list = true; + $list_name = $s_list['name']; } else { /* If we get here, a Suppress List is defined for the interface so see if we can find it */ foreach ($a_suppress as $a_id => $alist) { if ($alist['name'] == $a_instance[$instanceid]['suppresslistname']) { $found_list = true; + $list_name = $alist['name']; if (!empty($alist['suppresspassthru'])) { $tmplist = base64_decode($alist['suppresspassthru']); $tmplist .= "\n{$suppress}"; @@ -121,7 +123,7 @@ function snort_add_supplist_entry($suppress) { /* If we created a new list or updated an existing one, save the change, */ /* tell Snort to load it, and return true; otherwise return false. */ if ($found_list) { - write_config(); + write_config("Snort pkg: modified Suppress List {$list_name}."); sync_snort_package_config(); snort_reload_config($a_instance[$instanceid]); return true; @@ -168,7 +170,7 @@ if ($_POST['save']) { $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = $_POST['arefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $_POST['alertnumber']; - write_config(); + write_config("Snort pkg: updated ALERTS tab settings."); header("Location: /snort/snort_alerts.php?instance={$instanceid}"); exit; @@ -274,7 +276,7 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen unset($a_instance[$instanceid]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: modified state for rule {$gid}:{$sid}"); /*************************************************/ /* Update the snort.conf file and rebuild the */ diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php index 7acf95c3..902c1637 100644 --- a/config/snort/snort_barnyard.php +++ b/config/snort/snort_barnyard.php @@ -144,6 +144,7 @@ if ($_POST['save']) { $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off'; $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off'; $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off'; + $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off'; $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; @@ -163,7 +164,7 @@ if ($_POST['save']) { if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']); $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified Barnyard2 settings."); // No need to rebuild rules for Barnyard2 changes $rebuild_rules = false; @@ -378,6 +379,14 @@ include_once("head.inc"); <?php echo gettext("Password for the MySQL database user"); ?> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/> + <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Snort instances."); ?> + </td> + </tr> </tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td> @@ -539,6 +548,7 @@ function toggle_mySQL() { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; if (endis) document.getElementById("mysql_config_rows").style.display = "none"; @@ -608,6 +618,7 @@ function enable_change(enable_change) { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; document.iform.barnyard_syslog_enable.disabled = endis; document.iform.barnyard_syslog_local.disabled = endis; document.iform.barnyard_syslog_opmode_default.disabled = endis; diff --git a/config/snort/snort_blocked.php b/config/snort/snort_blocked.php index b05384ae..76d5a9df 100644 --- a/config/snort/snort_blocked.php +++ b/config/snort/snort_blocked.php @@ -119,7 +119,7 @@ if ($_POST['save']) $config['installedpackages']['snortglobal']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; $config['installedpackages']['snortglobal']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; - write_config(); + write_config("Snort pkg: updated BLOCKED tab settings."); header("Location: /snort/snort_blocked.php"); exit; diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index 7b0cfe34..a5b9e65e 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -58,7 +58,7 @@ function snort_check_dir_size_limit($snortloglimitsize) { // Truncate the Rules Update Log file if it exists if (file_exists(RULES_UPD_LOGFILE)) { log_error(gettext("[Snort] Truncating the Rules Update Log file...")); - file_put_contents(RULES_UPD_LOGFILE, ""); + @file_put_contents(RULES_UPD_LOGFILE, ""); } // Clean-up the logs for each configured Snort instance @@ -71,7 +71,7 @@ function snort_check_dir_size_limit($snortloglimitsize) { // Truncate the alert log file if it exists if (file_exists("{$snort_log_dir}/alert")) { - file_put_contents("{$snort_log_dir}/alert", ""); + @file_put_contents("{$snort_log_dir}/alert", ""); } // This is needed if snort is run as snort user diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php index f16e3310..667f4044 100755 --- a/config/snort/snort_check_for_rule_updates.php +++ b/config/snort/snort_check_for_rule_updates.php @@ -68,6 +68,7 @@ if (!defined("IPREP_PATH")) $snortdir = SNORTDIR; $snortlibdir = SNORTLIBDIR; $snortlogdir = SNORTLOGDIR; +$snortiprepdir = IPREP_PATH; $snort_rules_upd_log = RULES_UPD_LOGFILE; /* Save the state of $pkg_interface so we can restore it */ @@ -415,7 +416,7 @@ safe_mkdir("{$snortdir}/preproc_rules"); safe_mkdir("{$tmpfname}"); safe_mkdir("{$snortlibdir}/dynamicrules"); safe_mkdir("{$snortlogdir}"); -safe_mkdir(IPREP_PATH); +safe_mkdir("{$snortiprepdir}"); /* See if we need to automatically clear the Update Log based on 1024K size limit */ if (file_exists($snort_rules_upd_log)) { @@ -812,5 +813,5 @@ if ($update_errors) else $config['installedpackages']['snortglobal']['last_rule_upd_status'] = gettext("success"); $config['installedpackages']['snortglobal']['last_rule_upd_time'] = time(); -write_config(); +write_config("Snort pkg: updated status for updated rules package(s) check."); ?> diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index d210da2c..4d1b3c2e 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -134,7 +134,7 @@ if ($_POST['save']) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified settings for VARIABLES tab."); /* Update the snort conf file for this interface. */ $rebuild_rules = false; diff --git a/config/snort/snort_edit_hat_data.php b/config/snort/snort_edit_hat_data.php index cef6a894..a5ec0aad 100644 --- a/config/snort/snort_edit_hat_data.php +++ b/config/snort/snort_edit_hat_data.php @@ -66,7 +66,7 @@ else if ($_POST['clear']) { unset($a_nat[$id]['host_attribute_data']); $a_nat[$id]['host_attribute_table'] = 'off'; - write_config(); + write_config("Snort pkg: cleared Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); $pconfig['host_attribute_data'] = ""; @@ -78,7 +78,7 @@ if ($_POST['save']) { $a_nat[$id]['host_attribute_table'] = 'on'; else $a_nat[$id]['host_attribute_table'] = 'off'; - write_config(); + write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); $rebuild_rules = false; snort_generate_conf($a_nat[$id]); $pconfig['host_attribute_data'] = $_POST['host_attribute_data']; diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php index a4c8cb53..9489bf16 100644 --- a/config/snort/snort_frag3_engine.php +++ b/config/snort/snort_frag3_engine.php @@ -185,7 +185,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified frag3 engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row"); exit; diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php index 9058a06e..f462efa8 100644 --- a/config/snort/snort_ftp_client_engine.php +++ b/config/snort/snort_ftp_client_engine.php @@ -216,7 +216,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified ftp_telnet_client engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php index 618c8d85..cb9abc9c 100644 --- a/config/snort/snort_ftp_server_engine.php +++ b/config/snort/snort_ftp_server_engine.php @@ -187,7 +187,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: modified ftp_telnet_server engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts"); exit; diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php index 47495ebe..c7680892 100644 --- a/config/snort/snort_httpinspect_engine.php +++ b/config/snort/snort_httpinspect_engine.php @@ -296,7 +296,7 @@ if ($_POST['save']) { } // Now write the new engine array to conf - write_config(); + write_config("Snort pkg: modified http_inspect engine settings."); header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row"); exit; diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 7edadea7..80b3bb1d 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -206,7 +206,7 @@ if ($_POST['save']) { } // Now write the new engine array to conf and return - write_config(); + write_config("Snort pkg: imported new host or network alias."); header("Location: /snort/snort_preprocessors.php?id={$id}{$anchor}"); exit; diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php index 9f42ab2e..c82ec57e 100755 --- a/config/snort/snort_interfaces.php +++ b/config/snort/snort_interfaces.php @@ -65,7 +65,7 @@ if (isset($_POST['del_x'])) { if (empty($a_nat)) unset($a_nat); - write_config(); + write_config("Snort pkg: deleted one or more Snort interfaces."); sleep(2); /* if there are no ifaces remaining do not create snort.sh */ diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 1f3a3cbe..4c868844 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -273,7 +273,7 @@ if ($_POST["save"]) { snort_stop($natent, $if_real); /* Save configuration changes */ - write_config(); + write_config("Snort pkg: modified interface configuration for {$natent['interface']}."); /* Most changes don't require a rules rebuild, so default to "off" */ $rebuild_rules = false; diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index 99c8313d..69a182bd 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -151,7 +151,7 @@ if (!$input_errors) { /* create whitelist and homenet file then sync files */ sync_snort_package_config(); - write_config(); + write_config("Snort pkg: modified global settings."); /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); diff --git a/config/snort/snort_interfaces_suppress.php b/config/snort/snort_interfaces_suppress.php index 216b93c6..ecbd04a7 100644 --- a/config/snort/snort_interfaces_suppress.php +++ b/config/snort/snort_interfaces_suppress.php @@ -76,7 +76,7 @@ if ($_POST['del']) { } else { unset($a_suppress[$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted a Suppress List."); header("Location: /snort/snort_interfaces_suppress.php"); exit; } diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 370fa017..986bfc38 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -109,7 +109,6 @@ if ($_POST['save']) { } } - if (!$input_errors) { $s_list = array(); $s_list['name'] = $_POST['name']; @@ -125,7 +124,7 @@ if ($_POST['save']) { else $a_suppress[] = $s_list; - write_config(); + write_config("Snort pkg: modified Suppress List {$s_list['name']}."); sync_snort_package_config(); header("Location: /snort/snort_interfaces_suppress.php"); @@ -142,14 +141,14 @@ include_once("head.inc"); <?php include("fbegin.inc"); -if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';} - -if ($input_errors) print_input_errors($input_errors); +if ($input_errors) + print_input_errors($input_errors); if ($savemsg) print_info_box($savemsg); ?> <form action="/snort/snort_interfaces_suppress_edit.php" name="iform" id="iform" method="post"> +<input name="id" type="hidden" value="<?=$id;?>"/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> <?php @@ -215,8 +214,7 @@ if ($savemsg) <td colspan="2"><input id="save" name="save" type="submit" class="formbtn" value="Save" /> <input id="cancelbutton" name="cancelbutton" type="button" class="formbtn" value="Cancel" - onclick="history.back();"/> <?php if (isset($id) && $a_suppress[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"/> <?php endif; ?> + onclick="history.back();"/> </td> </tr> </table> diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php index a59021db..3de8c661 100644 --- a/config/snort/snort_ip_reputation.php +++ b/config/snort/snort_ip_reputation.php @@ -75,13 +75,24 @@ if ($_POST['mode'] == 'blist_add' && isset($_POST['iplist'])) { // Test the supplied IP List file to see if it exists if (file_exists($_POST['iplist'])) { - $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']); - write_config(); - $pconfig['blist_files'] = $a_nat[$id]['blist_files']; - $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['blist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a blacklist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['blist_files']['item'][] = basename($_POST['iplist']); + write_config("Snort pkg: added new blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + } } else $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; } if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) { @@ -89,19 +100,31 @@ if ($_POST['mode'] == 'wlist_add' && isset($_POST['iplist'])) { // Test the supplied IP List file to see if it exists if (file_exists($_POST['iplist'])) { - $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']); - write_config(); - $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; - $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + // See if the file is already assigned to the interface + foreach ($a_nat[$id]['wlist_files']['item'] as $f) { + if ($f == basename($_POST['iplist'])) { + $input_errors[] = gettext("The file {$f} is already assigned as a whitelist file."); + break; + } + } + if (!$input_errors) { + $a_nat[$id]['wlist_files']['item'][] = basename($_POST['iplist']); + write_config("Snort pkg: added new whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); + } } else $input_errors[] = gettext("The file '{$_POST['iplist']}' could not be found."); + + $pconfig['blist_files'] = $a_nat[$id]['blist_files']; + $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; } if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) { $pconfig = $_POST; unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); $pconfig['blist_files'] = $a_nat[$id]['blist_files']; $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; } @@ -109,12 +132,13 @@ if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) { if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) { $pconfig = $_POST; unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor."); + mark_subsystem_dirty('snort_iprep'); $pconfig['wlist_files'] = $a_nat[$id]['wlist_files']; $pconfig['blist_files'] = $a_nat[$id]['blist_files']; } -if ($_POST['save']) { +if ($_POST['save'] || $_POST['apply']) { $natent = array(); $natent = $pconfig; @@ -134,7 +158,7 @@ if ($_POST['save']) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}."); // Update the snort conf file for this interface $rebuild_rules = false; @@ -143,6 +167,9 @@ if ($_POST['save']) { // Soft-restart Snort to live-load new variables snort_reload_config($a_nat[$id]); $pconfig = $natent; + + // We have saved changes and done a soft restart, so clear "dirty" flag + clear_subsystem_dirty('snort_iprep'); } else $pconfig = $_POST; @@ -169,6 +196,11 @@ if ($savemsg) <input type="hidden" id="mode" name="mode" value="" /> <input name="iplist" id="iplist" type="hidden" value="" /> <input name="list_id" id="list_id" type="hidden" value="" /> + +<?php if (is_subsystem_dirty('snort_iprep')): ?><p> +<?php print_info_box_np(gettext("A change has been made to blacklist or whitelist file assignments.") . "<br/>" . gettext("You must apply the changes in order for them to take effect."));?> +<?php endif; ?> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td> @@ -379,7 +411,6 @@ if ($savemsg) </td> </tr> </table> -</form> <script type="text/javascript"> Event.observe( @@ -469,6 +500,7 @@ function wlistComplete(req) { </script> +</form> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index d7a20726..d483ba47 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -339,7 +339,6 @@ foreach ($rule as &$r) { $pconfig['barnyard_dbpwd'] = base64_encode($matches[2][$k]); } $pconfig['barnyard_mysql_enable'] = 'on'; - $pconfig['barnyard_enable'] = 'on'; unset($pconfig['barnyard_mysql']); } // Since Barnyard2 was enabled, configure the new archived log settings @@ -366,9 +365,9 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; log_error("[Snort] Saving configuration settings in new format..."); - write_config(); + write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php index 4eea356a..2cac9cd4 100644 --- a/config/snort/snort_passlist.php +++ b/config/snort/snort_passlist.php @@ -85,7 +85,7 @@ if ($_POST['del'] && is_numericint($_POST['list_id'])) { } if (!$input_errors) { unset($a_passlist[$_POST['list_id']]); - write_config(); + write_config("Snort pkg: deleted PASS LIST."); sync_snort_package_config(); header("Location: /snort/snort_passlist.php"); exit; diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index e486a076..3be776f4 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -156,7 +156,7 @@ if ($_POST['save']) { else $a_passlist[] = $w_list; - write_config(); + write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); /* create pass list and homenet file, then sync files */ sync_snort_package_config(); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index c2b46cd5..8d3c427d 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -1423,7 +1423,7 @@ if ($pkgid >= 0) { log_error(gettext("[Snort] Removing legacy 'Dashboard Widget: Snort' package because the widget is now part of the Snort package.")); unset($config['installedpackages']['package'][$pkgid]); unlink_if_exists("/usr/local/pkg/widget-snort.xml"); - write_config(); + write_config("Snort pkg: removed legacy Snort Dashboard Widget."); } /* Define a default Dashboard Widget Container for Snort */ @@ -1494,8 +1494,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.5"; -write_config(); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; +write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 6c3dc90f..5cee95df 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -199,7 +199,7 @@ if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalu if ($_POST['del_http_inspect']) { if (isset($_POST['eng_id']) && isset($id) && issset($a_nat[$id])) { unset($a_nat[$id]['http_inspect_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted http_inspect engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#httpinspect_row"); exit; } @@ -207,7 +207,7 @@ if ($_POST['del_http_inspect']) { elseif ($_POST['del_frag3']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['frag3_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted frag3 engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#frag3_row"); exit; } @@ -215,7 +215,7 @@ elseif ($_POST['del_frag3']) { elseif ($_POST['del_stream5_tcp']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['stream5_tcp_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted stream5 engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#stream5_row"); exit; } @@ -223,7 +223,7 @@ elseif ($_POST['del_stream5_tcp']) { elseif ($_POST['del_ftp_client']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['ftp_client_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted ftp_client engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); exit; } @@ -231,7 +231,7 @@ elseif ($_POST['del_ftp_client']) { elseif ($_POST['del_ftp_server']) { if (isset($_POST['eng_id']) && isset($id) && isset($a_nat[$id])) { unset($a_nat[$id]['ftp_server_engine']['item'][$_POST['eng_id']]); - write_config(); + write_config("Snort pkg: deleted ftp_server engine for {$a_nat[$id]['interface']}."); header("Location: snort_preprocessors.php?id=$id#ftp_telnet_row"); exit; } @@ -377,7 +377,7 @@ if ($_POST['save']) { if (isset($id) && isset($a_nat[$id])) { $a_nat[$id] = $natent; - write_config(); + write_config("Snort pkg: saved modified preprocessor settings for {$a_nat[$id]['interface']}."); } /*************************************************/ @@ -427,7 +427,7 @@ if ($_POST['btn_import']) { $pconfig['host_attribute_data'] = $a_nat[$id]['host_attribute_data']; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; - write_config(); + write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}."); } header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); @@ -449,7 +449,7 @@ if ($_POST['btn_edit_hat']) { $a_nat[$id]['host_attribute_table'] = "on"; $a_nat[$id]['max_attribute_hosts'] = $pconfig['max_attribute_hosts']; $a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host']; - write_config(); + write_config("Snort pkg: modified Host Attribute Table data for {$a_nat[$id]['interface']}."); header("Location: snort_edit_hat_data.php?id=$id"); exit; } diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 158999f9..e69152c3 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -196,7 +196,7 @@ if ($_POST['toggle'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid']) & unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: modified state for rule {$gid}:{$sid} on {$a_rule[$id]['interface']}."); $anchor = "rule_{$gid}_{$sid}"; } @@ -236,7 +236,7 @@ elseif ($_POST['disable_all'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + write_config("Snort pkg: disabled all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } elseif ($_POST['enable_all'] && !empty($rules_map)) { @@ -273,7 +273,7 @@ elseif ($_POST['enable_all'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + write_config("Snort pkg: enable all rules in category {$currentruleset} for {$a_rule[$id]['interface']}."); } elseif ($_POST['resetcategory'] && !empty($rules_map)) { @@ -312,7 +312,7 @@ elseif ($_POST['resetcategory'] && !empty($rules_map)) { else unset($a_rule[$id]['rule_sid_off']); - write_config(); + write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}."); } elseif ($_POST['resetall'] && !empty($rules_map)) { @@ -321,14 +321,14 @@ elseif ($_POST['resetall'] && !empty($rules_map)) { unset($a_rule[$id]['rule_sid_off']); /* Update the config.xml file. */ - write_config(); + write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}."); } else if ($_POST['cancel']) { $pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']); } elseif ($_POST['clear']) { unset($a_rule[$id]['customrules']); - write_config(); + write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; @@ -340,7 +340,7 @@ elseif ($_POST['save']) { $a_rule[$id]['customrules'] = base64_encode($_POST['customrules']); else unset($a_rule[$id]['customrules']); - write_config(); + write_config("Snort pkg: save modified custom rules for {$a_rule[$id]['interface']}."); $rebuild_rules = true; snort_generate_conf($a_rule[$id]); $rebuild_rules = false; @@ -364,7 +364,7 @@ elseif ($_POST['save']) { } else if ($_POST['apply']) { /* Save new configuration */ - write_config(); + write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index de5bdc6b..daf1c4ef 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -125,7 +125,7 @@ if ($_POST['addsuppress'] && is_numeric($_POST['sid']) && is_numeric($_POST['gid } } if ($found_list) { - write_config(); + write_config("Snort pkg: modified Suppress List for {$a_nat[$id]['interface']}."); $rebuild_rules = false; sync_snort_package_config(); snort_reload_config($a_nat[$id]); diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php index 46a67913..79365f5f 100755 --- a/config/snort/snort_rulesets.php +++ b/config/snort/snort_rulesets.php @@ -153,7 +153,7 @@ if ($_POST["save"]) { @unlink("{$snortdir}/snort_{$snort_uuid}_{$if_real}/rules/{$flowbit_rules_file}"); } - write_config(); + write_config("Snort pkg: save enabled rule categories for {$a_nat[$id]['interface']}."); /*************************************************/ /* Update the snort conf file and rebuild the */ diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php index 9a91e0d6..89b0bc02 100644 --- a/config/snort/snort_stream5_engine.php +++ b/config/snort/snort_stream5_engine.php @@ -328,7 +328,7 @@ if ($_POST['save']) { } /* Now write the new engine array to conf */ - write_config(); + write_config("Snort pkg: save modified stream5 engine."); header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row"); exit; diff --git a/config/softflowd/softflowd.xml b/config/softflowd/softflowd.xml index 149631b8..88e521a7 100644 --- a/config/softflowd/softflowd.xml +++ b/config/softflowd/softflowd.xml @@ -1,6 +1,6 @@ <packagegui> <name>softflowd</name> - <version>0.9.8</version> + <version>0.9.8 pkg v1.0.1</version> <title>softflowd: Settings</title> <aftersaveredirect>pkg_edit.php?xml=softflowd.xml&id=0</aftersaveredirect> <menu> @@ -103,7 +103,7 @@ config_unlock(); } - function validate_form_softflowd($post, $input_errors) { + function validate_form_softflowd($post, &$input_errors) { if (($post['host'] == "") || !is_ipaddr($post['host'])) $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; if (($post['port'] == "") || !is_port($post['port'])) @@ -129,7 +129,7 @@ sync_package_softflowd(); </custom_php_resync_config_command> <custom_php_validation_command> - validate_form_softflowd($_POST, &$input_errors); + validate_form_softflowd($_POST, $input_errors); </custom_php_validation_command> <custom_php_command_before_form> cleanup_config_softflowd(); diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php index c4c8ffe2..c2df25d1 100644 --- a/config/spamd/spamd_db.php +++ b/config/spamd/spamd_db.php @@ -205,7 +205,6 @@ $blacklist_items = $blacklist_items + $spamdb_black; <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> <script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script> <script type="text/javascript" language="javascript" src="row_toggle.js"></script> -<script src="/javascript/sorttable.js"></script> <script language="javascript"> function outputrule(req) { if(req.content != '') { @@ -314,6 +313,9 @@ if (typeof getURL == 'undefined') { <td class="listhdrr">IP</td> <td class="listhdrr">From</td> <td class="listhdrr">To</td> + <td class="listhdrr">First</td> + <td class="listhdrr">Pass</td> + <td class="listhdrr">Expire</td> <td class="listhdr">Attempts</td> <td class="list"></td> </tr> @@ -386,6 +388,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = htmlentities($pkgdb_split[3]); $toaddress = htmlentities($pkgdb_split[4]); + $first = ""; + $pass = ""; + $expire = ""; $attempts = htmlentities($pkgdb_split[8]); break; case "TRAPPED": @@ -393,6 +398,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = ""; $toaddress = ""; + $first = ""; + $pass = ""; + $expire = htmlentities($pkgdb_split[2]); $attempts = ""; break; case "GREY": @@ -400,6 +408,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = htmlentities($pkgdb_split[3]); $toaddress = htmlentities($pkgdb_split[4]); + $first = htmlentities($pkgdb_split[5]); + $pass = htmlentities($pkgdb_split[6]); + $expire = htmlentities($pkgdb_split[7]); $attempts = htmlentities($pkgdb_split[8]); break; case "WHITE": @@ -407,6 +418,9 @@ if (typeof getURL == 'undefined') { $srcip = htmlentities($pkgdb_split[1]); $fromaddress = ""; $toaddress = ""; + $first = htmlentities($pkgdb_split[4]); + $pass = htmlentities($pkgdb_split[5]); + $expire = htmlentities($pkgdb_split[6]); $attempts = htmlentities($pkgdb_split[8]); break; } @@ -417,6 +431,9 @@ if (typeof getURL == 'undefined') { echo "<td class=\"listr\">{$srcip}</td>"; echo "<td class=\"listr\">{$fromaddress}</td>"; echo "<td class=\"listr\">{$toaddress}</td>"; + echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $first) . "<br/>" . date("H:i:s", $first) . "</span></td>"; + echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $pass) . "<br/>" . date("H:i:s", $pass) . "</span></td>"; + echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . date("Y-m-d", $expire) . "<br/>" . date("H:i:s", $expire) . "</span></td>"; echo "<td class=\"listr\">{$attempts}</td>"; echo "<td>"; $rowtext = "<NOBR><a href='javascript:toggle_on(\"w{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_p.gif\"); getURL(\"spamd_db.php?buttonid=w{$rows}&srcip={$srcip}&action=whitelist\", outputrule);'><img title=\"Add to whitelist\" name='w{$rows}' id='w{$rows}' border=\"0\" alt=\"Add to whitelist\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\"></a> "; diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index 5ffa14c3..68cf4a00 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -165,7 +165,7 @@ function sudo_get_users($list_all_user = false) { /* Make sure commands passed in are valid executables to help ensure a valid sudoers file and expected behavior. This also forces the user to give full paths to executables, which they should be doing anyhow. */ -function sudo_validate_commands($input_errors) { +function sudo_validate_commands(&$input_errors) { $idx = 0; while(isset($_POST["cmdlist{$idx}"])) { $commands = $_POST["cmdlist" . $idx++]; diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 16fc272b..2fccab24 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -3,7 +3,7 @@ <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.2</version> + <version>0.2.1</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> @@ -83,7 +83,7 @@ User permission definitions for allowing the use of sudo by shell users to run c </custom_php_resync_config_command> <custom_php_validation_command> <![CDATA[ - sudo_validate_commands(&$input_errors); + sudo_validate_commands($input_errors); ]]> </custom_php_validation_command> </packagegui> diff --git a/config/suricata/suricata.inc b/config/suricata/suricata.inc index b5f5fb56..c767f2d0 100644 --- a/config/suricata/suricata.inc +++ b/config/suricata/suricata.inc @@ -1,30 +1,41 @@ <?php /* - suricata.inc - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata.inc + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("pfsense-utils.inc"); require_once("config.inc"); @@ -39,9 +50,14 @@ global $g, $config; if (!is_array($config['installedpackages']['suricata'])) $config['installedpackages']['suricata'] = array(); -// Define the binary and package build versions -define('SURICATA_VER', '1.4.6'); -define('SURICATA_PKG_VER', 'v0.3-BETA'); +/* Get installed package version for display */ +$suricata_package_version = "Suricata {$config['installedpackages']['package'][get_pkg_id("suricata")]['version']}"; + +// Define the installed package version +define('SURICATA_PKG_VER', $suricata_package_version); + +// Define the name of the pf table used for IP blocks +define('SURICATA_PF_TABLE', 'snort2c'); // Create some other useful defines define('SURICATADIR', '/usr/pbi/suricata-' . php_uname("m") . '/etc/suricata/'); @@ -198,13 +214,26 @@ function suricata_barnyard_reload_config($suricatacfg, $signal="HUP") { function suricata_get_blocked_ips() { - // This is a placeholder function for later use. - // Blocking is not currently enabled in Suricata. - return array(); + $suri_pf_table = SURICATA_PF_TABLE; + $blocked_ips = ""; + + exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips); + + $blocked_ips_array = array(); + if (!empty($blocked_ips)) { + if (is_array($blocked_ips)) { + foreach ($blocked_ips as $blocked_ip) { + if (empty($blocked_ip)) + continue; + $blocked_ips_array[] = trim($blocked_ip, " \n\t"); + } + } + } + return $blocked_ips_array; } -/* func builds custom white lists */ -function suricata_find_list($find_name, $type = 'whitelist') { +/* func builds custom Pass Lists */ +function suricata_find_list($find_name, $type = 'passlist') { global $config; $suricataglob = $config['installedpackages']['suricata']; @@ -221,11 +250,11 @@ function suricata_find_list($find_name, $type = 'whitelist') { return array(); } -function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { +function suricata_build_list($suricatacfg, $listname = "", $passlist = false) { /***********************************************************/ /* The default is to build a HOME_NET variable unless */ - /* '$whitelist' is set to 'true' when calling. */ + /* '$passlist' is set to 'true' when calling. */ /***********************************************************/ global $config, $g, $aliastable, $filterdns; @@ -247,7 +276,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { $home_net = explode(" ", trim(filter_expand_alias($list['address']))); } - // Always add loopback to HOME_NET and whitelist (ftphelper) + // Always add loopback to HOME_NET and passlist (ftphelper) if (!in_array("127.0.0.1", $home_net)) $home_net[] = "127.0.0.1"; @@ -255,8 +284,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { /* Always put the interface running Suricata in HOME_NET and */ /* whitelist unless it's the WAN. WAN options are handled further */ /* down. If the user specifically chose not to include LOCAL_NETS */ - /* in the WHITELIST, then do not include the Suricata interface */ - /* subnet in the WHITELIST. We do include the actual LAN interface */ + /* in the PASS LIST, then do not include the Suricata interface */ + /* subnet in the PASS LIST. We do include the actual LAN interface */ /* IP for Suricata, though, to prevent locking out the firewall. */ /********************************************************************/ $suricataip = get_interface_ip($suricatacfg['interface']); @@ -297,8 +326,8 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { if (!$whitelist || $localnet == 'yes' || empty($localnet)) { /*************************************************************************/ - /* Iterate through the interface list and write out whitelist items and */ - /* also compile a HOME_NET list of all the local interfaces for suricata. */ + /* Iterate through the interface list and write out pass list items and */ + /* also compile a HOME_NET list of all local interfaces for suricata. */ /* Skip the WAN interface as we do not typically want that whole subnet */ /* whitelisted (just the i/f IP itself which was handled earlier). */ /*************************************************************************/ @@ -365,7 +394,7 @@ function suricata_build_list($suricatacfg, $listname = "", $whitelist = false) { } if($vips == 'yes') { - // iterate all vips and add to whitelist + // iterate all vips and add to passlist if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) { foreach($config['virtualip']['vip'] as $vip) { if ($vip['subnet'] && $vip['mode'] != 'proxyarp') { @@ -484,6 +513,104 @@ function suricata_loglimit_install_cron($should_install=true) { install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", $should_install, "*/5"); } +function suricata_rm_blocked_install_cron($should_install) { + global $config, $g; + $suri_pf_table = SURICATA_PF_TABLE; + + $suricata_rm_blocked_info_ck = $config['installedpackages']['suricata']['config'][0]['rm_blocked']; + + if ($suricata_rm_blocked_info_ck == "15m_b") { + $suricata_rm_blocked_min = "*/1"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "900"; + } + if ($suricata_rm_blocked_info_ck == "30m_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "1800"; + } + if ($suricata_rm_blocked_info_ck == "1h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "3600"; + } + if ($suricata_rm_blocked_info_ck == "3h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "10800"; + } + if ($suricata_rm_blocked_info_ck == "6h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "21600"; + } + if ($suricata_rm_blocked_info_ck == "12h_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "43200"; + } + if ($suricata_rm_blocked_info_ck == "1d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "86400"; + } + if ($suricata_rm_blocked_info_ck == "4d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "345600"; + } + if ($suricata_rm_blocked_info_ck == "7d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "604800"; + } + if ($suricata_rm_blocked_info_ck == "28d_b") { + $suricata_rm_blocked_min = "*/5"; + $suricata_rm_blocked_hr = "*"; + $suricata_rm_blocked_mday = "*"; + $suricata_rm_blocked_month = "*"; + $suricata_rm_blocked_wday = "*"; + $suricata_rm_blocked_expire = "2419200"; + } + + // First, remove any existing cron task for "rm_blocked" hosts + install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false); + + // Now add or update the cron task for "rm_blocked" hosts + // if enabled. + if ($should_install) { + $command = "/usr/bin/nice -n20 /sbin/pfctl -t {$suri_pf_table} -T expire {$suricata_rm_blocked_expire}"; + install_cron_job($command, $should_install, $suricata_rm_blocked_min, $suricata_rm_blocked_hr, $suricata_rm_blocked_mday, $suricata_rm_blocked_month, $suricata_rm_blocked_wday, "root"); + } +} + function sync_suricata_package_config() { global $config, $g; @@ -516,9 +643,11 @@ function sync_suricata_package_config() { $suricataglob = $config['installedpackages']['suricata']['config'][0]; // setup the log directory size check job if enabled - suricata_loglimit_install_cron(); + suricata_loglimit_install_cron(true); // setup the suricata rules update job if enabled - suricata_rules_up_install_cron($suricataglob['autoruleupdate'] != "never_up" ? true : false); + suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); + // set the suricata blocked hosts time + suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); write_config(); configure_cron(); @@ -1911,7 +2040,12 @@ function suricata_generate_barnyard2_conf($suricatacfg, $if_real) { $by2_dbpwd = base64_decode($suricatacfg['barnyard_dbpwd']); $suricatabarnyardlog_output_plugins .= "# database: log to a MySQL DB\noutput database: alert, mysql, "; $suricatabarnyardlog_output_plugins .= "user={$suricatacfg['barnyard_dbuser']} password={$by2_dbpwd} "; - $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}\n\n"; + $suricatabarnyardlog_output_plugins .= "dbname={$suricatacfg['barnyard_dbname']} host={$suricatacfg['barnyard_dbhost']}"; + if (isset($suricatacfg['barnyard_sensor_name']) && strlen($suricatacfg['barnyard_sensor_name']) > 0) + $suricatabarnyardlog_output_plugins .= " sensor_name={$suricatacfg['barnyard_sensor_name']}"; + if ($suricatacfg['barnyard_disable_sig_ref_tbl'] == 'on') + $suricatabarnyardlog_output_plugins .= " disable_signature_reference_table"; + $suricatabarnyardlog_output_plugins .= "\n\n"; } if ($suricatacfg['barnyard_syslog_enable'] == 'on') { $suricatabarnyardlog_output_plugins .= "# syslog_full: log to a syslog receiver\n"; diff --git a/config/suricata/suricata.priv.inc b/config/suricata/suricata.priv.inc index 8dcec887..3bbee55a 100644 --- a/config/suricata/suricata.priv.inc +++ b/config/suricata/suricata.priv.inc @@ -8,6 +8,7 @@ $priv_list['page-services-suricata']['descr'] = "Allow access to suricata packag $priv_list['page-services-suricata']['match'] = array(); $priv_list['page-services-suricata']['match'][] = "suricata/suricata_alerts.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_barnyard.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_blocked.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_check_for_rule_updates.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_define_vars.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_download_rules.php*"; @@ -20,11 +21,12 @@ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_ $priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_global.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_suppress_edit.php*"; -$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist.php*"; -$priv_list['page-services-suricata']['match'][] = "suricata/suricata_interfaces_whitelist_edit.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_select_alias.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_list_view.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_browser.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_logs_mgmt.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist.php*"; +$priv_list['page-services-suricata']['match'][] = "suricata/suricata_passlist_edit.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_post_install.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_flow_stream.php*"; $priv_list['page-services-suricata']['match'][] = "suricata/suricata_rules.php*"; diff --git a/config/suricata/suricata.xml b/config/suricata/suricata.xml index fb296aed..1a64d619 100644 --- a/config/suricata/suricata.xml +++ b/config/suricata/suricata.xml @@ -9,40 +9,49 @@ /* suricata.xml part of the Suricata package for pfSense - Copyright (C) 2014 Bill meeks - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Significant portions are based on original work done for the Snort + package for pfSense from the following contributors: + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + Copyright (C) 2006 Scott Ullrich + Copyright (C) 2009 Robert Zelaya Sr. Developer + Copyright (C) 2012 Ermal Luci + All rights reserved. + + Adapted for Suricata by: + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ /* ========================================================================== */ ]]> </copyright> <description>Suricata IDS/IPS Package</description> <requirements>None</requirements> <name>suricata</name> - <version>1.4.6 pkg v0.3-BETA</version> + <version>1.4.6 pkg v1.0</version> <title>Services: Suricata IDS</title> <include_file>/usr/local/pkg/suricata/suricata.inc</include_file> <menu> @@ -208,6 +217,26 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_blocked.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_passlist_edit.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/suricata/</prefix> + <chmod>0644</chmod> + <item>https://packages.pfsense.org/packages/config/suricata/suricata_select_alias.php</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/suricata/suricata_alerts.js</item> diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 01d4daeb..07e4eb1f 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -3,19 +3,30 @@ * suricata_alerts.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -32,6 +43,7 @@ require_once("guiconfig.inc"); require_once("/usr/local/pkg/suricata/suricata.inc"); $supplist = array(); +$suri_pf_table = SURICATA_PF_TABLE; function suricata_is_alert_globally_suppressed($list, $gid, $sid) { @@ -109,12 +121,11 @@ function suricata_add_supplist_entry($suppress) { } } - /* If we created a new list or updated an existing one, save the change, */ - /* tell Snort to load it, and return true; otherwise return false. */ + /* If we created a new list or updated an existing one, save the change */ + /* and return true; otherwise return false. */ if ($found_list) { write_config(); sync_suricata_package_config(); - suricata_reload_config($a_instance[$instanceid]); return true; } else @@ -165,12 +176,12 @@ if ($_POST['save']) { exit; } -//if ($_POST['unblock'] && $_POST['ip']) { -// if (is_ipaddr($_POST['ip'])) { -// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}"); -// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table."); -// } -//} +if ($_POST['unblock'] && $_POST['ip']) { + if (is_ipaddr($_POST['ip'])) { + exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$_POST['ip']}"); + $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table."); + } +} if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) { if ($_POST['addsuppress_srcip']) @@ -355,10 +366,12 @@ if ($savemsg) { $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -495,10 +508,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo $alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>"; } /* Add icon for auto-removing from Blocked Table if required */ -// if (isset($tmpblocked[$fields[9]])) { -// $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" "; -// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; -// } + if (isset($tmpblocked[$fields[9]])) { + $alert_ip_src .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" "; + $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + } /* IP SRC Port */ $alert_src_p = $fields[10]; /* IP Destination */ @@ -524,10 +537,10 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo $alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>"; } /* Add icon for auto-removing from Blocked Table if required */ -// if (isset($tmpblocked[$fields[11]])) { -// $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" "; -// $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; -// } + if (isset($tmpblocked[$fields[11]])) { + $alert_ip_dst .= " <input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" "; + $alert_ip_dst .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>"; + } /* IP DST Port */ $alert_dst_p = $fields[12]; /* SID */ diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php index 8d0bb4f4..c28b99d1 100644 --- a/config/suricata/suricata_app_parsers.php +++ b/config/suricata/suricata_app_parsers.php @@ -3,12 +3,23 @@ * suricata_app_parsers.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -379,7 +390,7 @@ include_once("head.inc"); <?php include("fbegin.inc"); /* Display error or save message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { print_info_box($savemsg); @@ -393,14 +404,16 @@ include_once("head.inc"); <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -412,7 +425,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), true, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index 850e4bed..d4afe4f4 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -3,12 +3,23 @@ * suricata_barnyard.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -133,6 +144,7 @@ if ($_POST['save']) { $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off'; $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off'; $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off'; + $natent['barnyard_disable_sig_ref_tbl'] = $_POST['barnyard_disable_sig_ref_tbl'] ? 'on' : 'off'; $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; @@ -167,50 +179,21 @@ if ($_POST['save']) { elseif ($a_nat[$id]['barnyard_enable'] == "on") { if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2")) suricata_barnyard_reload_config($a_nat[$id], "HUP"); - else - suricata_barnyard_start($a_nat[$id], get_real_interface($a_nat[$id]['interface'])); + else { + // Notify user a Suricata restart is required if enabling Barnyard2 for the first time + $savemsg = gettext("NOTE: you must restart Suricata on this interface to activate unified2 logging for Barnyard2."); + } } - // after click go to this page - header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); - header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); - header( 'Cache-Control: no-store, no-cache, must-revalidate' ); - header( 'Cache-Control: post-check=0, pre-check=0', false ); - header( 'Pragma: no-cache' ); - header("Location: suricata_barnyard.php?id=$id"); - exit; + $pconfig = $natent; } else { - // We had errors, so save incoming field data to prevent retyping - $pconfig['barnyard_enable'] = $_POST['barnyard_enable']; - $pconfig['barnyard_show_year'] = $_POST['barnyard_show_year']; - $pconfig['barnyard_archive_enable'] = $_POST['barnyard_archive_enable']; - $pconfig['barnyard_dump_payload'] = $_POST['barnyard_dump_payload']; - $pconfig['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip']; - $pconfig['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable']; - $pconfig['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable']; - $pconfig['barnyard_syslog_local'] = $_POST['barnyard_syslog_local']; - $pconfig['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; - $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; - $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable']; - - $pconfig['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; - $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; - $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost']; - $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname']; - $pconfig['barnyard_dbuser'] = $_POST['barnyard_dbuser']; - $pconfig['barnyard_dbpwd'] = $_POST['barnyard_dbpwd']; - $pconfig['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; - $pconfig['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; - $pconfig['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; - $pconfig['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; - $pconfig['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; - $pconfig['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; - $pconfig['barnconfigpassthru'] = $_POST['barnconfigpassthru']; + // We had errors, so save previous field data to prevent retyping + $pconfig = $_POST; } } -$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']); +$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']); $pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings"); include_once("head.inc"); @@ -221,7 +204,7 @@ include_once("head.inc"); /* Display Alert message */ if ($input_errors) { - print_input_errors($input_errors); // TODO: add checks + print_input_errors($input_errors); } if ($savemsg) { @@ -235,14 +218,16 @@ include_once("head.inc"); <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -254,7 +239,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -358,6 +343,14 @@ include_once("head.inc"); <?php echo gettext("Password for the MySQL database user"); ?> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Disable Signature Reference Table"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_disable_sig_ref_tbl" type="checkbox" value="on" <?php if ($pconfig['barnyard_disable_sig_ref_tbl'] == "on") echo "checked"; ?>/> + <?php echo gettext("Disable synchronization of sig_reference table in schema. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/> + <br/><?php echo gettext("This option will speedup the process when checked, plus it can help work around a 'duplicate entry' error when running multiple Suricata instances."); ?> + </td> + </tr> </tbody> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td> @@ -521,6 +514,7 @@ function toggle_mySQL() { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; if (endis) document.getElementById("mysql_config_rows").style.display = "none"; @@ -587,6 +581,7 @@ function enable_change(enable_change) { document.iform.barnyard_dbname.disabled = endis; document.iform.barnyard_dbuser.disabled = endis; document.iform.barnyard_dbpwd.disabled = endis; + document.iform.barnyard_disable_sig_ref_tbl.disabled = endis; document.iform.barnyard_syslog_enable.disabled = endis; document.iform.barnyard_syslog_local.disabled = endis; document.iform.barnyard_syslog_opmode_default.disabled = endis; diff --git a/config/suricata/suricata_blocked.php b/config/suricata/suricata_blocked.php new file mode 100644 index 00000000..96171c1e --- /dev/null +++ b/config/suricata/suricata_blocked.php @@ -0,0 +1,323 @@ +<?php +/* + * suricata_blocked.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +$suricatalogdir = SURICATALOGDIR; +$suri_pf_table = SURICATA_PF_TABLE; + +if (!is_array($config['installedpackages']['suricata']['alertsblocks'])) + $config['installedpackages']['suricata']['alertsblocks'] = array(); + +$pconfig['brefresh'] = $config['installedpackages']['suricata']['alertsblocks']['brefresh']; +$pconfig['blertnumber'] = $config['installedpackages']['suricata']['alertsblocks']['blertnumber']; + +if (empty($pconfig['blertnumber'])) + $bnentries = '500'; +else + $bnentries = $pconfig['blertnumber']; + +if ($_POST['todelete']) { + $ip = ""; + if ($_POST['ip']) + $ip = $_POST['ip']; + if (is_ipaddr($ip)) + exec("/sbin/pfctl -t {$suri_pf_table} -T delete {$ip}"); + else + $input_errors[] = gettext("An invalid IP address was provided as a parameter."); +} + +if ($_POST['remove']) { + exec("/sbin/pfctl -t {$suri_pf_table} -T flush"); + header("Location: /suricata/suricata_blocked.php"); + exit; +} + +/* TODO: build a file with block ip and disc */ +if ($_POST['download']) +{ + $blocked_ips_array_save = ""; + exec("/sbin/pfctl -t {$suri_pf_table} -T show", $blocked_ips_array_save); + /* build the list */ + if (is_array($blocked_ips_array_save) && count($blocked_ips_array_save) > 0) { + $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"'); + $file_name = "suricata_blocked_{$save_date}.tar.gz"; + exec('/bin/mkdir -p /tmp/suricata_blocked'); + file_put_contents("/tmp/suricata_blocked/suricata_block.pf", ""); + foreach($blocked_ips_array_save as $counter => $fileline) { + if (empty($fileline)) + continue; + $fileline = trim($fileline, " \n\t"); + file_put_contents("/tmp/suricata_blocked/suricata_block.pf", "{$fileline}\n", FILE_APPEND); + } + + // Create a tar gzip archive of blocked host IP addresses + exec("/usr/bin/tar -czf /tmp/{$file_name} -C/tmp/suricata_blocked suricata_block.pf"); + + // If we successfully created the archive, send it to the browser. + if(file_exists("/tmp/{$file_name}")) { + ob_start(); //important or other posts will fail + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } + header("Content-Type: application/octet-stream"); + header("Content-length: " . filesize("/tmp/{$file_name}")); + header("Content-disposition: attachment; filename = {$file_name}"); + ob_end_clean(); //important or other post will fail + readfile("/tmp/{$file_name}"); + + // Clean up the temp files and directory + @unlink("/tmp/{$file_name}"); + exec("/bin/rm -fr /tmp/suricata_blocked"); + } else + $savemsg = gettext("An error occurred while creating archive"); + } else + $savemsg = gettext("No content on suricata block list"); +} + +if ($_POST['save']) +{ + /* no errors */ + if (!$input_errors) { + $config['installedpackages']['suricata']['alertsblocks']['brefresh'] = $_POST['brefresh'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['alertsblocks']['blertnumber'] = $_POST['blertnumber']; + + write_config("Suricata pkg: updated BLOCKED tab settings."); + + header("Location: /suricata/suricata_blocked.php"); + exit; + } + +} + +$pgtitle = gettext("Suricata: Blocked Hosts"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> +<script src="/javascript/filter_log.js" type="text/javascript"></script> + +<?php + +include_once("fbegin.inc"); + +/* refresh every 60 secs */ +if ($pconfig['brefresh'] == 'on') + echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_blocked.php\" />\n"; + +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); // TODO: add checks +} +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<form action="/suricata/suricata_blocked.php" method="post"> +<input type="hidden" name="ip" id="ip" value=""/> + +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), true, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array, true); + ?> + </td> +</tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" class="listtopic"><?php echo gettext("Blocked Hosts Log View Settings"); ?></td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext("Save or Remove Hosts"); ?></td> + <td width="78%" class="vtable"> + <input name="download" type="submit" class="formbtns" value="Download" title="<?=gettext("Download list of blocked hosts as a gzip archive");?>"/> + <?php echo gettext("All blocked hosts will be saved."); ?> + <input name="remove" type="submit" class="formbtns" value="Clear" title="<?=gettext("Remove blocks for all listed hosts");?>" + onClick="return confirm('<?=gettext("Are you sure you want to remove all blocked hosts? Click OK to continue or CANCLE to quit.");?>');"/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("all hosts will be removed."); ?> + </td> + </tr> + <tr> + <td width="22%" class="vncell"><?php echo gettext("Auto Refresh and Log View"); ?></td> + <td width="78%" class="vtable"> + <input name="save" type="submit" class="formbtns" value=" Save " title="<?=gettext("Save auto-refresh and view settings");?>"/> + <?php echo gettext("Refresh"); ?> <input name="brefresh" type="checkbox" value="on" + <?php if ($config['installedpackages']['suricata']['alertsblocks']['brefresh']=="on" || $config['installedpackages']['suricata']['alertsblocks']['brefresh']=='') echo "checked"; ?>/> + <?php printf(gettext("%sDefault%s is %sON%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + <input name="blertnumber" type="text" class="formfld unknown" id="blertnumber" + size="5" value="<?=htmlspecialchars($bnentries);?>"/> <?php printf(gettext("Enter number of " . + "blocked entries to view. %sDefault%s is %s500%s."), '<strong>', '</strong>', '<strong>', '</strong>'); ?> + </td> + </tr> + <tr> + <td colspan="2" class="listtopic"><?php printf(gettext("Last %s Hosts Blocked by Suricata"), $bnentries); ?></td> + </tr> + <tr> + <td colspan="2"> + <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col width="5%" align="center" axis="number"> + <col width="15%" align="center" axis="string"> + <col width="70%" align="left" axis="string"> + <col width="10%" align="center"> + </colgroup> + <thead> + <tr> + <th class="listhdrr" axis="number">#</th> + <th class="listhdrr" axis="string"><?php echo gettext("IP"); ?></th> + <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?></th> + <th class="listhdrr"><?php echo gettext("Remove"); ?></th> + </tr> + </thead> + <tbody> + <?php + + /* set the arrays */ + $blocked_ips_array = suricata_get_blocked_ips(); + if (!empty($blocked_ips_array)) { + foreach ($blocked_ips_array as &$ip) + $ip = inet_pton($ip); + $tmpblocked = array_flip($blocked_ips_array); + $src_ip_list = array(); + foreach (glob("{$suricatalogdir}*/block.log*") as $alertfile) { + $fd = fopen($alertfile, "r"); + if ($fd) { + /* 0 1 2 3 4 5 6 7 8 9 10 */ + /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */ + while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { + if(count($fields) < 11) + continue; + $fields[9] = inet_pton($fields[9]); + if (isset($tmpblocked[$fields[9]])) { + if (!is_array($src_ip_list[$fields[9]])) + $src_ip_list[$fields[9]] = array(); + $src_ip_list[$fields[9]][$fields[5]] = "{$fields[5]} - " . substr($fields[0], 0, -7); + } + } + fclose($fd); + } + } + + foreach($blocked_ips_array as $blocked_ip) { + if (is_ipaddr($blocked_ip) && !isset($src_ip_list[$blocked_ip])) + $src_ip_list[$blocked_ip] = array("N\A\n"); + } + + /* build final list, build html */ + $counter = 0; + foreach($src_ip_list as $blocked_ip => $blocked_msg) { + $blocked_desc = implode("<br/>", $blocked_msg); + if($counter > $bnentries) + break; + else + $counter++; + + $block_ip_str = inet_ntop($blocked_ip); + /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ + $tmp_ip = str_replace(":", ":​", $block_ip_str); + /* Add reverse DNS lookup icons */ + $rdns_link = ""; + $rdns_link .= "<a onclick=\"javascript:getURL('/diag_dns.php?host={$block_ip_str}&dialog_output=true', outputrule);\">"; + $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log_d.gif' width='11' height='11' border='0' "; + $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup (quick pop-up)") . "' style=\"cursor: pointer;\"></a> "; + $rdns_link .= "<a href='/diag_dns.php?host={$block_ip_str}'>"; + $rdns_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_log.gif' width='11' height='11' border='0' "; + $rdns_link .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>"; + /* use one echo to do the magic*/ + echo "<tr> + <td align=\"center\" valign=\"middle\" class=\"listr\">{$counter}</td> + <td align=\"center\" valign=\"middle\" class=\"listr\">{$tmp_ip}<br/>{$rdns_link}</td> + <td valign=\"middle\" class=\"listr\">{$blocked_desc}</td> + <td align=\"center\" valign=\"middle\" class=\"listr\" sorttable_customkey=\"\"> + <input type=\"image\" name=\"todelete[]\" onClick=\"document.getElementById('ip').value='{$block_ip_str}';\" + src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\" title=\"" . gettext("Delete host from Blocked Table") . "\" border=\"0\" /></td> + </tr>\n"; + } + } + ?> + </tbody> + </table> + </td> + </tr> + <tr> + <td colspan="2" class="vexpl" align="center"> + <?php if (!empty($blocked_ips_array)) { + if ($counter > 1) + echo "{$counter}" . gettext(" host IP addresses are currently being blocked."); + else + echo "{$counter}" . gettext(" host IP address is currently being blocked."); + } + else { + echo gettext("There are currently no hosts being blocked by Suricata."); + } + ?> + </td> + </tr> + </table> + </div> + </td> +</tr> +</table> +</form> +<?php +include("fend.inc"); +?> +</body> +</html> diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc index b9ba3fb7..f750c530 100644 --- a/config/suricata/suricata_check_cron_misc.inc +++ b/config/suricata/suricata_check_cron_misc.inc @@ -3,12 +3,23 @@ * suricata_check_cron_misc.inc * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -173,19 +184,31 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}"; foreach ($logs as $k => $p) suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']); - } - // Prune any aged-out Barnyard2 archived logs if any exist - if (is_dir("{$suricata_log_dir}/barnyard2/archive") && - $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { - $now = time(); - $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); - foreach ($files as $f) { - if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) - unlink_if_exists($f); + // Prune any aged-out Barnyard2 archived logs if any exist + if (is_dir("{$suricata_log_dir}/barnyard2/archive") && + $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) + unlink_if_exists($f); + } + } + unset($files); + + // Prune aged-out File Store files if any exist + if (is_dir("{$suricata_log_dir}/files") && + $config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/files/file.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600)) + unlink_if_exists($f); + } } + unset($files); } - unset($files); } // Check the overall log directory limit (if enabled) and prune if necessary diff --git a/config/suricata/suricata_check_for_rule_updates.php b/config/suricata/suricata_check_for_rule_updates.php index 51efd7d0..bb29078f 100644 --- a/config/suricata/suricata_check_for_rule_updates.php +++ b/config/suricata/suricata_check_for_rule_updates.php @@ -2,19 +2,30 @@ /* * suricata_check_for_rule_updates.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_define_vars.php b/config/suricata/suricata_define_vars.php index 22b8ab3c..d072ff42 100644 --- a/config/suricata/suricata_define_vars.php +++ b/config/suricata/suricata_define_vars.php @@ -3,12 +3,23 @@ * suricata_define_vars.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -158,14 +169,16 @@ if ($savemsg) <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -177,7 +190,7 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), true, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> diff --git a/config/suricata/suricata_download_rules.php b/config/suricata/suricata_download_rules.php index 26737dcf..2de286ba 100644 --- a/config/suricata/suricata_download_rules.php +++ b/config/suricata/suricata_download_rules.php @@ -2,19 +2,31 @@ /* * suricata_download_rules.php * + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_download_updates.php b/config/suricata/suricata_download_updates.php index 188255c8..b5377351 100644 --- a/config/suricata/suricata_download_updates.php +++ b/config/suricata/suricata_download_updates.php @@ -3,19 +3,30 @@ * suricata_download_updates.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -176,10 +187,12 @@ include_once("head.inc"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), true, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php index cc00f350..ba594d55 100644 --- a/config/suricata/suricata_flow_stream.php +++ b/config/suricata/suricata_flow_stream.php @@ -3,12 +3,23 @@ * suricata_flow_stream.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -438,14 +449,15 @@ include_once("head.inc"); <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td>'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -457,7 +469,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php index 0e348631..bd3ce368 100644 --- a/config/suricata/suricata_generate_yaml.php +++ b/config/suricata/suricata_generate_yaml.php @@ -1,30 +1,41 @@ <?php /* - suricata_generate_yaml.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_generate_yaml.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ // Create required Suricata directories if they don't exist @@ -64,6 +75,11 @@ if (!empty($suricatacfg['externallistname']) && $suricatacfg['externallistname'] $external_net = trim($external_net); } +// Set the PASS LIST and write its contents to disk +$plist = suricata_build_list($suricatacfg, $suricatacfg['passlistname'], true); +@file_put_contents("{$suricatacfgdir}/passlist", implode("\n", $plist)); +$suri_passlist = "{$suricatacfgdir}/passlist"; + // Set default and user-defined variables for SERVER_VARS and PORT_VARS $suricata_servers = array ( "dns_servers" => "\$HOME_NET", "smtp_servers" => "\$HOME_NET", "http_servers" => "\$HOME_NET", @@ -137,6 +153,31 @@ if (!empty($suricatacfg['inspect_recursion_limit']) || $suricatacfg['inspect_rec else $inspection_recursion_limit = ""; +if ($suricatacfg['delayed_detect'] == 'on') + $delayed_detect = "yes"; +else + $delayed_detect = "no"; + +// Add interface-specific blocking settings +if ($suricatacfg['blockoffenders'] == 'on') + $suri_blockoffenders = "yes"; +else + $suri_blockoffenders = "no"; + +if ($suricatacfg['blockoffenderskill'] == 'on') + $suri_killstates = "yes"; +else + $suri_killstates = "no"; + +if ($suricatacfg['blockoffendersip'] == 'src') + $suri_blockip = 'SRC'; +elseif ($suricatacfg['blockoffendersip'] == 'dst') + $suri_blockip = 'DST'; +else + $suri_blockip = 'BOTH'; + +$suri_pf_table = SURICATA_PF_TABLE; + // Add interface-specific logging settings if ($suricatacfg['alertsystemlog'] == 'on') $alert_syslog = "yes"; diff --git a/config/suricata/suricata_global.php b/config/suricata/suricata_global.php index 938d6a97..9c932222 100644 --- a/config/suricata/suricata_global.php +++ b/config/suricata/suricata_global.php @@ -3,12 +3,23 @@ * suricata_global.php * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -124,7 +135,7 @@ if (!$input_errors) { $retval = 0; - /* create whitelist and homenet file, then sync files */ + /* create passlist and homenet file, then sync files */ sync_suricata_package_config(); write_config(); @@ -168,10 +179,12 @@ if ($input_errors) $tab_array[] = array(gettext("Global Settings"), true, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -304,18 +317,18 @@ if ($input_errors) <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> </tr> -<tr style="display:none;"> +<tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Blocked Hosts Interval"); ?></td> <td width="78%" class="vtable"> <select name="rm_blocked" class="formselect" id="rm_blocked"> <?php $interfaces3 = array('never_b' => gettext('NEVER'), '15m_b' => gettext('15 MINS'), '30m_b' => gettext('30 MINS'), '1h_b' => gettext('1 HOUR'), '3h_b' => gettext('3 HOURS'), '6h_b' => gettext('6 HOURS'), '12h_b' => gettext('12 HOURS'), '1d_b' => gettext('1 DAY'), '4d_b' => gettext('4 DAYS'), '7d_b' => gettext('7 DAYS'), '28d_b' => gettext('28 DAYS')); foreach ($interfaces3 as $iface3 => $ifacename3): ?> - <option value="<?=$iface3;?>" - <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> - <?=htmlspecialchars($ifacename3);?></option> - <?php endforeach; ?> - </select> + <option value="<?=$iface3;?>" + <?php if ($iface3 == $pconfig['rm_blocked']) echo "selected"; ?>> + <?=htmlspecialchars($ifacename3);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Please select the amount of time you would like hosts to be blocked."); ?><br/><br/> <?php echo "<span class=\"red\"><strong>" . gettext("Hint:") . "</strong></span>" . gettext(" in most cases, 1 hour is a good choice.");?></td> </tr> diff --git a/config/suricata/suricata_interfaces.php b/config/suricata/suricata_interfaces.php index e8125986..26d57b71 100644 --- a/config/suricata/suricata_interfaces.php +++ b/config/suricata/suricata_interfaces.php @@ -2,19 +2,30 @@ /* * suricata_interfaces.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -134,9 +145,8 @@ if ($_POST['toggle']) { header("Location: /suricata/suricata_interfaces.php"); exit; } -$suri_bin_ver = SURICATA_VER; $suri_pkg_ver = SURICATA_PKG_VER; -$pgtitle = "Services: Suricata {$suri_bin_ver} pkg {$suri_pkg_ver} - Intrusion Detection System"; +$pgtitle = "Services: {$suri_pkg_ver} - Intrusion Detection System"; include_once("head.inc"); ?> @@ -164,10 +174,12 @@ include_once("head.inc"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td> </tr> diff --git a/config/suricata/suricata_interfaces_edit.php b/config/suricata/suricata_interfaces_edit.php index fbb78aa2..3b61755c 100644 --- a/config/suricata/suricata_interfaces_edit.php +++ b/config/suricata/suricata_interfaces_edit.php @@ -2,19 +2,30 @@ /* * suricata_interfaces_edit.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -32,6 +43,9 @@ require_once("/usr/local/pkg/suricata/suricata.inc"); global $g, $rebuild_rules; +$suricatadir = SURICATADIR; +$suricatalogdir = SURICATALOGDIR; + if (!is_array($config['installedpackages']['suricata'])) $config['installedpackages']['suricata'] = array(); $suricataglob = $config['installedpackages']['suricata']; @@ -173,6 +187,16 @@ if ($_POST["save"]) { if (!empty($_POST['inspect_recursion_limit']) && !is_numeric($_POST['inspect_recursion_limit'])) $input_errors[] = gettext("The value for Inspect Recursion Limit can either be blank or contain only digits evaluating to an integer greater than or equal to 0."); + /* See if assigned interface is already in use */ + if (isset($_POST['interface'])) { + foreach ($a_rule as $k => $v) { + if (($v['interface'] == $_POST['interface']) && ($id <> $k)) { + $input_errors[] = gettext("The '{$_POST['interface']}' interface is already assigned to another Suricata instance."); + break; + } + } + } + // if no errors write to suricata.yaml if (!$input_errors) { $natent = $a_rule[$id]; @@ -204,23 +228,30 @@ if ($_POST["save"]) { if ($_POST['blockoffenders'] == "on") $natent['blockoffenders'] = 'on'; else $natent['blockoffenders'] = 'off'; if ($_POST['blockoffenderskill'] == "on") $natent['blockoffenderskill'] = 'on'; else unset($natent['blockoffenderskill']); if ($_POST['blockoffendersip']) $natent['blockoffendersip'] = $_POST['blockoffendersip']; else unset($natent['blockoffendersip']); - if ($_POST['whitelistname']) $natent['whitelistname'] = $_POST['whitelistname']; else unset($natent['whitelistname']); + if ($_POST['passlistname']) $natent['passlistname'] = $_POST['passlistname']; else unset($natent['passlistname']); if ($_POST['homelistname']) $natent['homelistname'] = $_POST['homelistname']; else unset($natent['homelistname']); if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']); if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']); if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; } + if ($_POST['delayed_detect'] == "on") { $natent['delayed_detect'] = 'on'; }else{ $natent['delayed_detect'] = 'off'; } if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode($_POST['configpassthru']); else unset($natent['configpassthru']); $if_real = get_real_interface($natent['interface']); if (isset($id) && $a_rule[$id]) { + // See if moving an existing Suricata instance to another physical interface if ($natent['interface'] != $a_rule[$id]['interface']) { $oif_real = get_real_interface($a_rule[$id]['interface']); - suricata_stop($a_rule[$id], $oif_real); - exec("rm -r /var/log/suricata_{$oif_real}" . $a_rule[$id]['uuid']); - exec("mv -f {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}/suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + if (suricata_is_running($a_rule[$id]['uuid'], $oif_real)) { + suricata_stop($a_rule[$id], $oif_real); + $suricata_start = true; + } + else + $suricata_start = false; + exec("mv -f {$suricatalogdir}suricata_{$oif_real}" . $a_rule[$id]['uuid'] . " {$suricatalogdir}suricata_{$if_real}" . $a_rule[$id]['uuid']); + conf_mount_rw(); + exec("mv -f {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$oif_real} {$suricatadir}suricata_" . $a_rule[$id]['uuid'] . "_{$if_real}"); + conf_mount_ro(); } - // Edits don't require a rules rebuild, so turn it "off" - $rebuild_rules = false; $a_rule[$id] = $natent; } else { // Adding new interface, so set interface configuration parameter defaults @@ -262,6 +293,7 @@ if ($_POST["save"]) { $natent['reassembly_to_client_chunk'] = '2560'; $natent['enable_midstream_sessions'] = 'off'; $natent['enable_async_sessions'] = 'off'; + $natent['delayed_detect'] = 'off'; $natent['asn1_max_frames'] = '256'; @@ -330,14 +362,16 @@ if ($savemsg) { <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $tab_array = array(); @@ -349,7 +383,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> @@ -490,8 +524,6 @@ if ($savemsg) { <?php echo gettext("Enter maximum number of packet log files to maintain. Default is ") . "<strong>" . gettext("1000") . "</strong>."; ?><br/><br/><?php echo gettext("When the number of packet log files reaches the set limit, the oldest file will be overwritten.") ?></td> </tr> - -<!-- ### Blocking not yet enabled, so hide the controls ### <tr> <td colspan="2" class="listtopic"><?php echo gettext("Alert Settings"); ?></td> </tr> @@ -527,9 +559,6 @@ if ($savemsg) { <span class="red"><?php echo gettext("Hint:") . "</span> " . gettext("Choosing BOTH is suggested, and it is the default value."); ?></span><br/></td> </td> </tr> - ### End of Blocking controls ### ---> - <tr> <td colspan="2" class="listtopic"><?php echo gettext("Detection Engine Settings"); ?></td> </tr> @@ -606,6 +635,14 @@ if ($savemsg) { gettext("3000") . "</strong>."; ?><br/><br/><?php echo gettext("When set to 0 an internal default is used. When left blank there is no recursion limit.") ?></td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Delayed Detect"); ?></td> + <td width="78%" class="vtable"> + <input name="delayed_detect" id="delayed_detect" type="checkbox" value="on" + <?php if ($pconfig['delayed_detect'] == "on") echo " checked"; ?>/> + <?php echo gettext("Suricata will build list of signatures after packet capture threads have started. Default is ") . + "<strong>" . gettext("Not Checked") . "</strong>."; ?></td> + </tr> + <tr> <td colspan="2" class="listtopic"><?php echo gettext("Networks " . "Suricata Should Inspect and Protect"); ?></td> </tr> <tr> @@ -666,17 +703,16 @@ if ($savemsg) { "setting at default. Create an Alias for custom External Net settings."); ?><br/> </td> </tr> -<!-- <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Whitelist"); ?></td> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Pass List"); ?></td> <td width="78%" class="vtable"> - <select name="whitelistname" class="formselect" id="whitelistname"> + <select name="passlistname" class="formselect" id="passlistname"> <?php - /* find whitelist names and filter by type, make sure to track by uuid */ + /* find passlist names and filter by type, make sure to track by uuid */ echo "<option value='default' >default</option>\n"; - if (is_array($suricataglob['whitelist']['item'])) { - foreach ($suricataglob['whitelist']['item'] as $value) { - if ($value['name'] == $pconfig['whitelistname']) + if (is_array($suricataglob['passlist']['item'])) { + foreach ($suricataglob['passlist']['item'] as $value) { + if ($value['name'] == $pconfig['passlistname']) echo "<option value='{$value['name']}' selected>"; else echo "<option value='{$value['name']}'>"; @@ -685,17 +721,15 @@ if ($savemsg) { } ?> </select> - <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','whitelistname','whitelist')" - id="btnWhitelist" title="<?php echo gettext("Click to view currently selected Whitelist contents"); ?>"/> + <input type="button" class="formbtns" value="View List" onclick="viewList('<?=$id;?>','passlistname','passlist')" + id="btnPasslist" title="<?php echo gettext("Click to view currently selected Pass List contents"); ?>"/> <br/> - <?php echo gettext("Choose the whitelist you want this interface to " . - "use."); ?> <br/><br/> + <?php echo gettext("Choose the Pass List you want this interface to use."); ?> <br/><br/> <span class="red"><?php echo gettext("Note:"); ?></span> <?php echo gettext("This option will only be used when block offenders is on."); ?><br/> <span class="red"><?php echo gettext("Hint:"); ?></span> <?php echo gettext("Default " . - "whitelist adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> + "Pass List adds local networks, WAN IPs, Gateways, VPNs and VIPs. Create an Alias to customize."); ?> </td> </tr> ---> <tr> <td colspan="2" class="listtopic"><?php echo gettext("Alert Suppression and Filtering"); ?></td> </tr> @@ -756,11 +790,11 @@ if ($savemsg) { <script language="JavaScript"> function enable_blockoffenders() { -// var endis = !(document.iform.blockoffenders.checked); -// document.iform.blockoffenderskill.disabled=endis; -// document.iform.blockoffendersip.disabled=endis; -// document.iform.whitelistname.disabled=endis; -// document.iform.btnWhitelist.disabled=endis; + var endis = !(document.iform.blockoffenders.checked); + document.iform.blockoffenderskill.disabled=endis; + document.iform.blockoffendersip.disabled=endis; + document.iform.passlistname.disabled=endis; + document.iform.btnPasslist.disabled=endis; } function toggle_stats_log() { @@ -855,19 +889,20 @@ function enable_change(enable_change) { document.iform.mpm_algo.disabled = endis; document.iform.sgh_mpm_context.disabled = endis; document.iform.inspect_recursion_limit.disabled = endis; -// document.iform.blockoffenders.disabled = endis; -// document.iform.blockoffendersip.disabled=endis; -// document.iform.blockoffenderskill.disabled=endis; + document.iform.blockoffenders.disabled = endis; + document.iform.blockoffendersip.disabled=endis; + document.iform.blockoffenderskill.disabled=endis; document.iform.alertsystemlog.disabled = endis; document.iform.externallistname.disabled = endis; document.iform.homelistname.disabled = endis; -// document.iform.whitelistname.disabled=endis; + document.iform.passlistname.disabled=endis; document.iform.suppresslistname.disabled = endis; document.iform.configpassthru.disabled = endis; document.iform.btnHomeNet.disabled=endis; -// document.iform.btnWhitelist.disabled=endis; + document.iform.btnPasslist.disabled=endis; document.iform.btnSuppressList.disabled=endis; -} +} document.iform.delayed_detect.disabled=endis; + function wopen(url, name, w, h) { // Fudge factors for window decoration space. @@ -890,12 +925,12 @@ function getSelectedValue(elemID) { function viewList(id, elemID, elemType) { if (typeof elemType == "undefined") { - elemType = "whitelist"; + elemType = "passlist"; } var url = "suricata_list_view.php?id=" + id + "&wlist="; url = url + getSelectedValue(elemID) + "&type=" + elemType; url = url + "&time=" + new Date().getTime(); - wopen(url, 'WhitelistViewer', 640, 480); + wopen(url, 'PassListViewer', 640, 480); } enable_change(false); diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php index 1a3c7455..7e6ffd6d 100644 --- a/config/suricata/suricata_libhtp_policy_engine.php +++ b/config/suricata/suricata_libhtp_policy_engine.php @@ -1,12 +1,24 @@ <?php /* * suricata_libhtp_policy_engine.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php index b6616909..722bf47a 100644 --- a/config/suricata/suricata_list_view.php +++ b/config/suricata/suricata_list_view.php @@ -2,29 +2,29 @@ /* * suricata_list_view.php * - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -39,20 +39,24 @@ if (isset($_GET['id']) && is_numericint($_GET['id'])) $wlist = htmlspecialchars($_GET['wlist']); $type = htmlspecialchars($_GET['type']); +$title = "List"; if (isset($id) && isset($wlist)) { - $a_rule = $config['installedpackages']['suricata']['rule'][$id]; + $a_rule = $config['installedpackages']['suricataglobal']['rule'][$id]; if ($type == "homenet") { $list = suricata_build_list($a_rule, $wlist); $contents = implode("\n", $list); + $title = "HOME_NET"; } - elseif ($type == "whitelist") { + elseif ($type == "passlist") { $list = suricata_build_list($a_rule, $wlist, true); $contents = implode("\n", $list); + $title = "Pass List"; } elseif ($type == "suppress") { $list = suricata_find_list($wlist, $type); $contents = str_replace("\r", "", base64_decode($list['suppresspassthru'])); + $title = "Suppress List"; } else $contents = gettext("\n\nERROR -- Requested List Type entity is not valid!"); @@ -60,29 +64,26 @@ if (isset($id) && isset($wlist)) { else $contents = gettext("\n\nERROR -- Supplied interface or List entity is not valid!"); -$pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer")); +$pgtitle = array(gettext("Suricata"), gettext($title . " Viewer")); ?> <?php include("head.inc");?> <body link="#000000" vlink="#000000" alink="#000000"> -<?php if ($savemsg) print_info_box($savemsg); ?> -<?php // include("fbegin.inc");?> -<form action="suricata_list_view.php" method="post"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabcont"> <table width="100%" cellpadding="0" cellspacing="6" bgcolor="#eeeeee"> <tr> - <td class="pgtitle" colspan="2">Suricata: <?php echo gettext(ucfirst($type) . " Viewer"); ?></td> + <td class="pgtitle" colspan="2">Snort: <?php echo gettext($title . " Viewer"); ?></td> </tr> <tr> <td align="left" width="20%"> <input type="button" class="formbtn" value="Return" onclick="window.close()"> </td> <td align="right"> - <b><?php echo gettext(ucfirst($type) . ": ") . '</b> ' . $_GET['wlist']; ?> + <b><?php echo gettext($title . ": ") . '</b> ' . htmlspecialchars($_GET['wlist']); ?> </td> </tr> <tr> @@ -96,7 +97,5 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer")); </td> </tr> </table> -</form> -<?php // include("fend.inc");?> </body> </html> diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php index 53530881..04edf373 100644 --- a/config/suricata/suricata_logs_browser.php +++ b/config/suricata/suricata_logs_browser.php @@ -1,30 +1,41 @@ <?php /* - suricata_logs_browser.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_logs_browser.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -129,10 +140,12 @@ if ($input_errors) { $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), true, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td> </tr> @@ -162,7 +175,7 @@ if ($input_errors) { <td width="78%" class="vtable"> <select name="logFile" id="logFile" class="formselect" onChange="loadFile();"> <?php - $logs = array( "alerts.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" ); + $logs = array( "alerts.log", "block.log", "files-json.log", "http.log", "stats.log", "suricata.log", "tls.log" ); foreach ($logs as $log) { $selected = ""; if ($log == basename($logfile)) diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php index 7418dd80..16376c5b 100644 --- a/config/suricata/suricata_logs_mgmt.php +++ b/config/suricata/suricata_logs_mgmt.php @@ -1,14 +1,24 @@ <?php /* * suricata_logs_mgmt.php - * part of pfSense * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -44,6 +54,8 @@ $pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config' $pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']; $pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size']; $pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention']; +$pconfig['block_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['block_log_limit_size']; +$pconfig['block_log_retention'] = $config['installedpackages']['suricata']['config'][0]['block_log_retention']; $pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size']; $pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention']; $pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size']; @@ -54,6 +66,7 @@ $pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['confi $pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention']; $pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit']; $pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention']; +$pconfig['file_store_retention'] = $config['installedpackages']['suricata']['config'][0]['file_store_retention']; // Load up some arrays with selection values (we use these later). // The keys in the $retentions array are the retention period @@ -77,6 +90,8 @@ if (empty($pconfig['suricataloglimitsize'])) { // Set default retention periods for rotated logs if (empty($pconfig['alert_log_retention'])) $pconfig['alert_log_retention'] = "336"; +if (empty($pconfig['block_log_retention'])) + $pconfig['block_log_retention'] = "336"; if (empty($pconfig['files_json_log_retention'])) $pconfig['files_json_log_retention'] = "168"; if (empty($pconfig['http_log_retention'])) @@ -87,10 +102,14 @@ if (empty($pconfig['tls_log_retention'])) $pconfig['tls_log_retention'] = "336"; if (empty($pconfig['u2_archive_log_retention'])) $pconfig['u2_archive_log_retention'] = "168"; +if (empty($pconfig['file_store_retention'])) + $pconfig['file_store_retention'] = "168"; // Set default log file size limits if (empty($pconfig['alert_log_limit_size'])) $pconfig['alert_log_limit_size'] = "500"; +if (empty($pconfig['block_log_limit_size'])) + $pconfig['block_log_limit_size'] = "500"; if (empty($pconfig['files_json_log_limit_size'])) $pconfig['files_json_log_limit_size'] = "1000"; if (empty($pconfig['http_log_limit_size'])) @@ -119,6 +138,8 @@ if ($_POST["save"]) { $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize']; $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size']; $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention']; + $config['installedpackages']['suricata']['config'][0]['block_log_limit_size'] = $_POST['block_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['block_log_retention'] = $_POST['block_log_retention']; $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size']; $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention']; $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size']; @@ -129,6 +150,7 @@ if ($_POST["save"]) { $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention']; $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit']; $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention']; + $config['installedpackages']['suricata']['config'][0]['file_store_retention'] = $_POST['file_store_retention']; write_config(); sync_suricata_package_config(); @@ -169,10 +191,12 @@ if ($input_errors) $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> @@ -276,6 +300,26 @@ if ($input_errors) <td class="listbg"><?=gettext("Suricata alerts and event details");?></td> </tr> <tr> + <td class="listbg">block</td> + <td class="listr" align="center"><select name="block_log_limit_size" class="formselect" id="block_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['block_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="block_log_retention" class="formselect" id="block_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['block_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Suricata blocked IPs and event details");?></td> + </tr> + <tr> <td class="listbg">files-json</td> <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size"> <?php foreach ($log_sizes as $k => $l): ?> @@ -386,6 +430,19 @@ if ($input_errors) </td> </tr> <tr> + <td class="vncell" width="22%" valign="top"><?=gettext("Captured Files Retention Period");?></td> + <td width="78%" class="vtable"><select name="file_store_retention" class="formselect" id="file_store_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['file_store_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> <?=gettext("Choose retention period for captured files in File Store. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/> + <?=gettext("When file capture and store is enabled, Suricata captures downloaded files from HTTP sessions and stores them, along with metadata, ") . + gettext("for later analysis. This setting determines how long files remain in the File Store folder before they are automatically deleted.");?> + </td> +</tr> +<tr> <td width="22%"></td> <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/> <br/><span class="red"><strong><?php echo gettext("Note:");?></strong> @@ -402,6 +459,8 @@ function enable_change() { var endis = !(document.iform.enable_log_mgmt.checked); document.iform.alert_log_limit_size.disabled = endis; document.iform.alert_log_retention.disabled = endis; + document.iform.block_log_limit_size.disabled = endis; + document.iform.block_log_retention.disabled = endis; document.iform.files_json_log_limit_size.disabled = endis; document.iform.files_json_log_retention.disabled = endis; document.iform.http_log_limit_size.disabled = endis; @@ -412,6 +471,7 @@ function enable_change() { document.iform.tls_log_retention.disabled = endis; document.iform.unified2_log_limit.disabled = endis; document.iform.u2_archive_log_retention.disabled = endis; + document.iform.file_store_retention.disabled = endis; } function enable_change_dirSize() { diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php index c9360901..869d940c 100644 --- a/config/suricata/suricata_os_policy_engine.php +++ b/config/suricata/suricata_os_policy_engine.php @@ -1,12 +1,24 @@ <?php /* * suricata_os_policy_engine.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * diff --git a/config/suricata/suricata_passlist.php b/config/suricata/suricata_passlist.php new file mode 100644 index 00000000..fc7c60e2 --- /dev/null +++ b/config/suricata/suricata_passlist.php @@ -0,0 +1,206 @@ +<?php +/* + * suricata_passlist.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +if (!is_array($config['installedpackages']['suricata']['passlist'])) + $config['installedpackages']['suricata']['passlist'] = array(); +if (!is_array($config['installedpackages']['suricata']['passlist']['item'])) + $config['installedpackages']['suricata']['passlist']['item'] = array(); +$a_passlist = &$config['installedpackages']['suricata']['passlist']['item']; + +// Calculate the next Pass List index ID +if (isset($config['installedpackages']['suricata']['passlist']['item'])) + $id_gen = count($config['installedpackages']['suricata']['passlist']['item']); +else + $id_gen = '0'; + +function suricata_is_passlist_used($list) { + + /********************************************** + * This function tests the provided Pass List * + * to determine if it is assigned to an * + * interface. * + * * + * On Entry: $list -> Pass List name to test * + * * + * Returns: TRUE if Pass List is in use or * + * FALSE if not in use * + **********************************************/ + + global $config; + + if (!is_array($config['installedpackages']['suricata']['rule'])) + return FALSE; + + foreach($config['installedpackages']['suricata']['rule'] as $v) { + if (isset($v['passlistname']) && $v['passlistname'] == $list) + return TRUE; + } + return FALSE; +} + +if ($_POST['del'] && is_numericint($_POST['list_id'])) { + if ($a_passlist[$_POST['list_id']]) { + /* make sure list is not being referenced by any interface */ + if (suricata_is_passlist_used($a_passlist[$_POST['list_id']]['name'])) { + $input_errors[] = gettext("This Pass List is currently assigned to a Suricata interface and cannot be deleted. Unassign it from all Suricata interfaces first."); + } + if (!$input_errors) { + unset($a_passlist[$_POST['list_id']]); + write_config("Suricata pkg: deleted PASS LIST."); + sync_suricata_package_config(); + header("Location: /suricata/suricata_passlist.php"); + exit; + } + } +} + +$pgtitle = gettext("Suricata: Pass Lists"); +include_once("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message */ +if ($input_errors) { + print_input_errors($input_errors); +} +if ($savemsg) { + print_info_box($savemsg); +} +?> + +<form action="/suricata/suricata_passlist.php" method="post"> +<input type="hidden" name="list_id" id="list_id" value=""/> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array, true); + ?> + </td> +</tr> +<tr> + <td><div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">List Name</td> + <td width="30%" class="listhdrr">Assigned Alias</td> + <td class="listhdr">Description</td> + <td width="40px" class="list"></td> + </tr> + <?php foreach ($a_passlist as $i => $list): ?> + <tr> + <td class="listlr" + ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars($list['name']);?></td> + <td class="listr" + ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';" + title="<?=filter_expand_alias($list['address']);?>"> + <?php echo gettext($list['address']);?></td> + <td class="listbg" + ondblclick="document.location='suricata_passlist_edit.php?id=<?=$i;?>';"> + <font color="#FFFFFF"> <?=htmlspecialchars($list['descr']);?> + </td> + <td valign="middle" nowrap class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"><a href="suricata_passlist_edit.php?id=<?=$i;?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext("Edit pass list"); ?>"></a> + </td> + <td><input type="image" name="del[]" onclick="document.getElementById('list_id').value='<?=$i;?>';return confirm('<?=gettext("Do you really want to delete this pass list? Click OK to continue or CANCEL to quit.)!");?>');" + src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext("Delete pass list"); ?>"/> + </td> + </tr> + </table> + </td> + </tr> + <?php endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle" width="17"> </td> + <td valign="middle"><a href="suricata_passlist_edit.php?id=<?php echo $id_gen;?> "> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" + width="17" height="17" border="0" title="<?php echo gettext("add a new pass list"); ?>"/></a> + </td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> +</table> +<br> +<table width="100%" border="0" cellpadding="1" + cellspacing="1"> + <tr> + <td width="100%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Notes:"); ?></strong></span> + <p><?php echo gettext("1. Here you can create Pass List files for your Suricata package rules. Hosts on a Pass List are never blocked by Suricata."); ?><br/> + <?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Suricata block decisions."); ?><br/> + <?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/> + <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td> + </tr> + <tr> + <td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Suricata on the interface for changes to take effect!"); ?></span></td> + </tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_passlist_edit.php b/config/suricata/suricata_passlist_edit.php new file mode 100644 index 00000000..35c7b66e --- /dev/null +++ b/config/suricata/suricata_passlist_edit.php @@ -0,0 +1,329 @@ +<?php +/* + * suricata_passlist_edit.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +if ($_POST['cancel']) { + header("Location: /suricata/suricata_passlist.php"); + exit; +} + +if (!is_array($config['installedpackages']['suricata']['passlist'])) + $config['installedpackages']['suricata']['passlist'] = array(); +if (!is_array($config['installedpackages']['suricata']['passlist']['item'])) + $config['installedpackages']['suricata']['passlist']['item'] = array(); +$a_passlist = &$config['installedpackages']['suricata']['passlist']['item']; + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); + +/* Should never be called without identifying list index, so bail */ +if (is_null($id)) { + header("Location: /suricata/suricata_interfaces_passlist.php"); + exit; +} + +/* If no entry for this passlist, then create a UUID and treat it like a new list */ +if (!isset($a_passlist[$id]['uuid'])) { + $passlist_uuid = 0; + while ($passlist_uuid > 65535 || $passlist_uuid == 0) { + $passlist_uuid = mt_rand(1, 65535); + $pconfig['uuid'] = $passlist_uuid; + $pconfig['name'] = "passlist_{$passlist_uuid}"; + } +} else + $passlist_uuid = $a_passlist[$id]['uuid']; + +/* returns true if $name is a valid name for a pass list file name or ip */ +function is_validpasslistname($name) { + if (!is_string($name)) + return false; + + if (!preg_match("/[^a-zA-Z0-9\_\.\/]/", $name)) + return true; + + return false; +} + +if (isset($id) && $a_passlist[$id]) { + /* old settings */ + $pconfig = array(); + $pconfig['name'] = $a_passlist[$id]['name']; + $pconfig['uuid'] = $a_passlist[$id]['uuid']; + $pconfig['detail'] = $a_passlist[$id]['detail']; + $pconfig['address'] = $a_passlist[$id]['address']; + $pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']); + $pconfig['localnets'] = $a_passlist[$id]['localnets']; + $pconfig['wanips'] = $a_passlist[$id]['wanips']; + $pconfig['wangateips'] = $a_passlist[$id]['wangateips']; + $pconfig['wandnsips'] = $a_passlist[$id]['wandnsips']; + $pconfig['vips'] = $a_passlist[$id]['vips']; + $pconfig['vpnips'] = $a_passlist[$id]['vpnips']; +} + +// Check for returned "selected alias" if action is import +if ($_GET['act'] == "import") { + if ($_GET['varname'] == "address" && isset($_GET['varvalue'])) + $pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']); +} + +if ($_POST['save']) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "name"); + $reqdfieldsn = explode(",", "Name"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if(strtolower($_POST['name']) == "defaultpasslist") + $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); + + if (is_validpasslistname($_POST['name']) == false) + $input_errors[] = gettext("Pass List file name may only consist of the characters \"a-z, A-Z, 0-9 and _\". Note: No Spaces or dashes. Press Cancel to reset."); + + /* check for name conflicts */ + foreach ($a_passlist as $w_list) { + if (isset($id) && ($a_passlist[$id]) && ($a_passlist[$id] === $w_list)) + continue; + + if ($w_list['name'] == $_POST['name']) { + $input_errors[] = gettext("A Pass List file name with this name already exists."); + break; + } + } + + if ($_POST['address']) + if (!is_alias($_POST['address'])) + $input_errors[] = gettext("A valid alias must be provided"); + + if (!$input_errors) { + $w_list = array(); + /* post user input */ + $w_list['name'] = $_POST['name']; + $w_list['uuid'] = $passlist_uuid; + $w_list['localnets'] = $_POST['localnets']? 'yes' : 'no'; + $w_list['wanips'] = $_POST['wanips']? 'yes' : 'no'; + $w_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no'; + $w_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no'; + $w_list['vips'] = $_POST['vips']? 'yes' : 'no'; + $w_list['vpnips'] = $_POST['vpnips']? 'yes' : 'no'; + + $w_list['address'] = $_POST['address']; + $w_list['descr'] = mb_convert_encoding($_POST['descr'],"HTML-ENTITIES","auto"); + $w_list['detail'] = $final_address_details; + + if (isset($id) && $a_passlist[$id]) + $a_passlist[$id] = $w_list; + else + $a_passlist[] = $w_list; + + write_config("Snort pkg: modified PASS LIST {$w_list['name']}."); + + /* create pass list and homenet file, then sync files */ + sync_suricata_package_config(); + + header("Location: /suricata/suricata_passlist.php"); + exit; + } +} + +$pgtitle = gettext("Suricata: Pass List Edit - {$pconfig['name']}"); +include_once("head.inc"); +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC" > + +<?php +include("fbegin.inc"); +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); +?> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> +<form action="suricata_passlist_edit.php" method="post" name="iform" id="iform"> +<input name="id" type="hidden" value="<?=$id;?>" /> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), true, "/suricata/suricata_passlist.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$instanceid}"); + $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array, true); +?> + </td> +</tr> +<tr><td><div id="mainarea"> +<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add the name and " . + "description of the file."); ?></td> + </tr> + <tr> + <td valign="top" class="vncellreq"><?php echo gettext("Name"); ?></td> + <td class="vtable"><input name="name" type="text" id="name" class="formfld unknown" + size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> <br /> + <span class="vexpl"> <?php echo gettext("The list name may only consist of the " . + "characters \"a-z, A-Z, 0-9 and _\"."); ?> <span class="red"><?php echo gettext("Note:"); ?> </span> + <?php echo gettext("No Spaces or dashes."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td> + <td width="78%" class="vtable"><input name="descr" type="text" class="formfld unknown" + id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <br /> + <span class="vexpl"> <?php echo gettext("You may enter a description here for your " . + "reference (not parsed)."); ?> </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td> + <td width="78%" class="vtable"><input name="localnets" type="checkbox" + id="localnets" size="40" value="yes" + <?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td> + <td width="78%" class="vtable"><input name="wanips" type="checkbox" + id="wanips" size="40" value="yes" + <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td> + <td width="78%" class="vtable"><input name="wangateips" + type="checkbox" id="wangateips" size="40" value="yes" + <?php if($pconfig['wangateips'] == 'yes'){ echo "checked";} if($pconfig['wangateips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add WAN Gateways to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN DNS servers"); ?></td> + <td width="78%" class="vtable"><input name="wandnsips" + type="checkbox" id="wandnsips" size="40" value="yes" + <?php if($pconfig['wandnsips'] == 'yes'){ echo "checked";} if($pconfig['wandnsips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add WAN DNS servers to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Virtual IP Addresses"); ?></td> + <td width="78%" class="vtable"><input name="vips" type="checkbox" + id="vips" size="40" value="yes" + <?php if($pconfig['vips'] == 'yes'){ echo "checked";} if($pconfig['vips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add Virtual IP Addresses to the list."); ?> </span></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("VPNs"); ?></td> + <td width="78%" class="vtable"><input name="vpnips" type="checkbox" + id="vpnips" size="40" value="yes" + <?php if($pconfig['vpnips'] == 'yes'){ echo "checked";} if($pconfig['vpnips'] == ''){ echo "checked";} ?> /> + <span class="vexpl"> <?php echo gettext("Add VPN Addresses to the list."); ?> </span></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add custom IP Addresses from configured Aliases."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"> + <?php echo gettext("Assigned Aliases:"); ?> + </td> + <td width="78%" class="vtable"> + <input autocomplete="off" name="address" type="text" class="formfldalias" id="address" size="30" value="<?=htmlspecialchars($pconfig['address']);?>" + title="<?=trim(filter_expand_alias($pconfig['address']));?>"/> + <input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=0&type=host|network&varname=address&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'" + title="<?php echo gettext("Select an existing IP alias");?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="save" name="save" type="submit" class="formbtn" value="Save" /> + <input id="cancel" name="cancel" type="submit" class="formbtn" value="Cancel" /> + </td> + </tr> +</table> +</div> +</td></tr> +</table> +</form> +<script type="text/javascript"> +<?php + $isfirst = 0; + $aliases = ""; + $addrisfirst = 0; + $aliasesaddr = ""; + if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) + foreach($config['aliases']['alias'] as $alias_name) { + if ($alias_name['type'] != "host" && $alias_name['type'] != "network") + continue; + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . "'"; + $addrisfirst = 1; + } +?> + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + +function createAutoSuggest() { +<?php + echo "objAlias = new AutoSuggestControl(document.getElementById('address'), new StateSuggestions(addressarray));\n"; +?> +} + +setTimeout("createAutoSuggest();", 500); + +</script> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_post_install.php b/config/suricata/suricata_post_install.php index 4d5454d5..c44b392f 100644 --- a/config/suricata/suricata_post_install.php +++ b/config/suricata/suricata_post_install.php @@ -2,13 +2,23 @@ /* * suricata_post_install.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks - * part of pfSense * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -110,8 +120,8 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = suricata_create_rc(); // Set Log Limit, Block Hosts Time and Rules Update Time - suricata_loglimit_install_cron(); -// suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); + suricata_loglimit_install_cron(true); + suricata_rm_blocked_install_cron($config['installedpackages']['suricata']['config'][0]['rm_blocked'] != "never_b" ? true : false); suricata_rules_up_install_cron($config['installedpackages']['suricata']['config'][0]['autoruleupdate'] != "never_up" ? true : false); // Add the recurring jobs created above to crontab @@ -138,7 +148,7 @@ if ($config['installedpackages']['suricata']['config'][0]['forcekeepsettings'] = } // Update Suricata package version in configuration -$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v0.3-BETA"; +$config['installedpackages']['suricata']['config'][0]['suricata_config_ver'] = "v1.0.1"; write_config(); // Done with post-install, so clear flag diff --git a/config/suricata/suricata_rules.php b/config/suricata/suricata_rules.php index 5883ed8e..82bb33eb 100644 --- a/config/suricata/suricata_rules.php +++ b/config/suricata/suricata_rules.php @@ -2,19 +2,30 @@ /* * suricata_rules.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -385,14 +396,16 @@ if ($savemsg) { <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");; @@ -404,7 +417,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_rules_edit.php b/config/suricata/suricata_rules_edit.php index b61c2f3a..0a4bd62a 100644 --- a/config/suricata/suricata_rules_edit.php +++ b/config/suricata/suricata_rules_edit.php @@ -2,19 +2,30 @@ /* * suricata_rules_edit.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_rules_flowbits.php b/config/suricata/suricata_rules_flowbits.php index 1907cbeb..c5193a8b 100644 --- a/config/suricata/suricata_rules_flowbits.php +++ b/config/suricata/suricata_rules_flowbits.php @@ -1,19 +1,31 @@ <?php /* * suricata_rules_flowbits.php + * + * Portions of this code are based on original work done for the + * Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE diff --git a/config/suricata/suricata_rulesets.php b/config/suricata/suricata_rulesets.php index e607acc1..c939ef25 100644 --- a/config/suricata/suricata_rulesets.php +++ b/config/suricata/suricata_rulesets.php @@ -2,19 +2,30 @@ /* * suricata_rulesets.php * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. - * + * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -250,14 +261,16 @@ if ($savemsg) { <tr><td> <?php $tab_array = array(); - $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); echo '</td></tr>'; echo '<tr><td class="tabnavtbl">'; $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); @@ -269,7 +282,7 @@ if ($savemsg) { $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/suricata/suricata_barnyard.php?id={$id}"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr> diff --git a/config/suricata/suricata_select_alias.php b/config/suricata/suricata_select_alias.php new file mode 100644 index 00000000..527412d1 --- /dev/null +++ b/config/suricata/suricata_select_alias.php @@ -0,0 +1,241 @@ +<?php +/* $Id$ */ +/* + suricata_select_alias.php + Copyright (C) 2014 Bill Meeks + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require_once("functions.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +// Need to keep track of who called us so we can return to the correct page +// when the SAVE button is clicked. On initial entry, a GET variable is +// passed with the referrer's URL encoded within. That value is saved and +// used when SAVE or CANCEL is clicked to return to the referring page. +// + +// Retrieve the QUERY STRING of the original referrer so we can return it. +// On the initial pass, we will save it in a hidden POST field so we won't +// overwrite it on subsequent POST-BACKs to this page. +if (!isset($_POST['org_querystr'])) + $querystr = $_SERVER['QUERY_STRING']; +else + $querystr = $_POST['org_querystr']; + +// Retrieve any passed QUERY STRING or POST variables +if (isset($_POST['type'])) + $type = $_POST['type']; +elseif (isset($_GET['type'])) + $type = htmlspecialchars($_GET['type']); + +if (isset($_POST['varname'])) + $varname = $_POST['varname']; +elseif (isset($_GET['varname'])) + $varname = htmlspecialchars($_GET['varname']); + +if (isset($_POST['multi_ip'])) + $multi_ip = $_POST['multi_ip']; +elseif (isset($_GET['multi_ip'])) + $multi_ip = htmlspecialchars($_GET['multi_ip']); + +if (isset($_POST['returl'])) + $referrer = urldecode($_POST['returl']); +elseif (isset($_GET['returl'])) + $referrer = urldecode($_GET['returl']); + +// Make sure we have a valid VARIABLE name +// and ALIAS TYPE, or else bail out. +if (is_null($type) || is_null($varname)) { + header("Location: http://{$referrer}?{$querystr}"); + exit; +} + +// Used to track if any selectable Aliases are found +$selectablealias = false; + +// Initialize required array variables as necessary +if (!is_array($config['aliases']['alias'])) + $config['aliases']['alias'] = array(); +$a_aliases = $config['aliases']['alias']; + +// Create an array consisting of the Alias types the +// caller wants to select from. +$a_types = array(); +$a_types = explode('|', strtolower($type)); + +// Create a proper title based on the Alias types +$title = "a"; +switch (count($a_types)) { + case 1: + $title .= " " . ucfirst($a_types[0]); + break; + + case 2: + $title .= " " . ucfirst($a_types[0]) . " or " . ucfirst($a_types[1]); + break; + + case 3: + $title .= " " . ucfirst($a_types[0]) . ", " . ucfirst($a_types[1]) . " or " . ucfirst($a_types[2]); + + default: + $title = "n"; +} + +if ($_POST['cancel']) { + header("Location: {$referrer}?{$querystr}"); + exit; +} + +if ($_POST['save']) { + if(empty($_POST['alias'])) + $input_errors[] = gettext("No alias is selected. Please select an alias before saving."); + + // if no errors, write new entry to conf + if (!$input_errors) { + $selection = $_POST['alias']; + header("Location: {$referrer}?{$querystr}&varvalue={$selection}"); + exit; + } +} + +$pgtitle = gettext("Suricata: Select {$title} Alias"); +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<form action="suricata_select_alias.php" method="post"> +<input type="hidden" name="varname" value="<?=$varname;?>"/> +<input type="hidden" name="type" value="<?=$type;?>"/> +<input type="hidden" name="multi_ip" value="<?=$multi_ip;?>"/> +<input type="hidden" name="returl" value="<?=$referrer;?>"/> +<input type="hidden" name="org_querystr" value="<?=$querystr;?>"/> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<div id="boxarea"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr> + <td class="tabcont"><strong><?=gettext("Select an Alias to use from the list below.");?></strong><br/> + </td> +</tr> +<tr> + <td class="tabcont"> + <table id="sortabletable1" style="table-layout: fixed;" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <colgroup> + <col width="5%" align="center"> + <col width="25%" align="left" axis="string"> + <col width="35%" align="left" axis="string"> + <col width="35%" align="left" axis="string"> + </colgroup> + <thead> + <tr> + <th class="listhdrr"></th> + <th class="listhdrr" axis="string"><?=gettext("Alias Name"); ?></th> + <th class="listhdrr" axis="string"><?=gettext("Values"); ?></th> + <th class="listhdrr" axis="string"><?=gettext("Description"); ?></th> + </tr> + </thead> + <tbody> + <?php $i = 0; foreach ($a_aliases as $alias): ?> + <?php if (!in_array($alias['type'], $a_types)) + continue; + if ( ($alias['type'] == "network" || $alias['type'] == "host") && + $multi_ip != "yes" && + !suricata_is_single_addr_alias($alias['name'])) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $disable = true; + $tooltip = gettext("Aliases resolving to multiple address entries cannot be used with the destination target."); + } + elseif (($alias['type'] == "network" || $alias['type'] == "host") && + trim(filter_expand_alias($alias['name'])) == "") { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $disable = true; + $tooltip = gettext("Aliases representing a FQDN host cannot be used in Suricata configurations."); + } + else { + $textss = ""; + $textse = ""; + $disable = ""; + $selectablealias = true; + $tooltip = gettext("Selected entry will be imported. Click to toggle selection."); + } + ?> + <?php if ($disable): ?> + <tr title="<?=$tooltip;?>"> + <td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/> + <?php else: ?> + <tr> + <td class="listlr" align="center"><input type="radio" name="alias" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td> + <?php endif; ?> + <td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td> + <td class="listr" align="left"> + <?php + $tmpaddr = explode(" ", $alias['address']); + $addresses = implode(", ", array_slice($tmpaddr, 0, 10)); + echo "{$textss}{$addresses}{$textse}"; + if(count($tmpaddr) > 10) { + echo "..."; + } + ?> + </td> + <td class="listbg" align="left"> + <?=$textss . htmlspecialchars($alias['descr']) . $textse;?> + </td> + </tr> + <?php $i++; endforeach; ?> + </table> + </td> +</tr> +<?php if (!$selectablealias): ?> +<tr> + <td class="tabcont" align="center"><b><?php echo gettext("There are currently no defined Aliases eligible for selection.");?></b></td> +</tr> +<tr> + <td class="tabcont" align="center"> + <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/> + </td> +</tr> +<?php else: ?> +<tr> + <td class="tabcont" align="center"> + <input type="Submit" name="save" value="Save" id="save" class="formbtn" title="<?=gettext("Import selected item and return");?>"/> + <input type="Submit" name="cancel" value="Cancel" id="cancel" class="formbtn" title="<?=gettext("Cancel import operation and return");?>"/> + </td> +</tr> +<?php endif; ?> +<tr> + <td class="tabcont"> + <span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br></strong></span><?=gettext("Fully-Qualified Domain Name (FQDN) host Aliases cannot be used as Suricata configuration parameters. Aliases resolving to a single FQDN value are disabled in the list above. In the case of nested Aliases where one or more of the nested values is a FQDN host, the FQDN host will not be included in the {$title} configuration.");?></span> + </td> +</tr> +</table> +</div> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/suricata/suricata_suppress.php b/config/suricata/suricata_suppress.php index 1b833276..4f2e8d0d 100644 --- a/config/suricata/suricata_suppress.php +++ b/config/suricata/suricata_suppress.php @@ -1,30 +1,41 @@ <?php /* - suricata_suppress.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_suppress.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -123,10 +134,12 @@ if ($input_errors) { $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td> </tr> diff --git a/config/suricata/suricata_suppress_edit.php b/config/suricata/suricata_suppress_edit.php index aad67a95..a46e9e99 100644 --- a/config/suricata/suricata_suppress_edit.php +++ b/config/suricata/suricata_suppress_edit.php @@ -1,29 +1,41 @@ <?php /* * suricata_suppress_edit.php - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); @@ -144,10 +156,12 @@ if ($savemsg) $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Blocked"), false, "/suricata/suricata_blocked.php"); + $tab_array[] = array(gettext("Pass Lists"), false, "/suricata/suricata_passlist.php"); $tab_array[] = array(gettext("Suppress"), true, "/suricata/suricata_suppress.php"); $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); $tab_array[] = array(gettext("Logs Mgmt"), false, "/suricata/suricata_logs_mgmt.php"); - display_top_tabs($tab_array); + display_top_tabs($tab_array, true); ?> </td></tr> <tr><td><div id="mainarea"> diff --git a/config/suricata/suricata_uninstall.php b/config/suricata/suricata_uninstall.php index b8ea6097..2317578e 100644 --- a/config/suricata/suricata_uninstall.php +++ b/config/suricata/suricata_uninstall.php @@ -1,30 +1,41 @@ <?php /* - suricata_uninstall.php - - Copyright (C) 2014 Bill Meeks - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + * suricata_uninstall.php + * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. */ require_once("/usr/local/pkg/suricata/suricata.inc"); @@ -35,6 +46,7 @@ $suricatadir = SURICATADIR; $suricatalogdir = SURICATALOGDIR; $rcdir = RCFILEPREFIX; $suricata_rules_upd_log = RULES_UPD_LOGFILE; +$suri_pf_table = SURICATA_PF_TABLE; log_error(gettext("[Suricata] Suricata package uninstall in progress...")); @@ -64,6 +76,7 @@ mwexec('/usr/sbin/pw userdel suricata; /usr/sbin/pw groupdel suricata', true); /* Remove the Suricata cron jobs. */ install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/www/suricata/suricata_check_for_rule_updates.php", false); install_cron_job("/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc", false); +install_cron_job("pfctl -t {$suri_pf_table} -T expire" , false); /* See if we are to keep Suricata log files on uninstall */ if ($config['installedpackages']['suricata']['config'][0]['clearlogs'] == 'on') { diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc index 07ada36e..c20ca8db 100644 --- a/config/suricata/suricata_yaml_template.inc +++ b/config/suricata/suricata_yaml_template.inc @@ -29,6 +29,14 @@ default-log-dir: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid} # Configure the type of alert (and other) logging. outputs: + # alert_pf blocking plugin + - alert-pf: + enabled: {$suri_blockoffenders} + kill-state: {$suri_killstates} + pass-list: {$suri_passlist} + block-ip: {$suri_blockip} + pf-table: {$suri_pf_table} + # a line based alerts log similar to Snort's fast.log - fast: enabled: yes @@ -99,7 +107,7 @@ outputs: force-md5: {$json_log_md5} # Magic file. The extension .mgc is added to the value here. -magic-file: {$suricatacfgdir}/magic +magic-file: /usr/share/misc/magic # Specify a threshold config file threshold-file: {$suricatacfgdir}/threshold.config @@ -109,7 +117,7 @@ detect-engine: - sgh-mpm-context: {$sgh_mpm_ctx} - inspection-recursion-limit: {$inspection_recursion_limit} - rule-reload: true - - delayed-detect: yes + - delayed-detect: {$delayed_detect} # Suricata is multi-threaded. Here the threading can be influenced. threading: diff --git a/config/systempatches/system_patches.php b/config/systempatches/system_patches.php index 7fe860bd..793448d7 100644 --- a/config/systempatches/system_patches.php +++ b/config/systempatches/system_patches.php @@ -67,7 +67,7 @@ if ($_GET['act'] == "del") { } if (($_GET['act'] == "fetch") && ($a_patches[$_GET['id']])) { - $savemsg = patch_fetch(& $a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed"); + $savemsg = patch_fetch($a_patches[$_GET['id']]) ? gettext("Patch Fetched Successfully") : gettext("Patch Fetch Failed"); } if (($_GET['act'] == "test") && ($a_patches[$_GET['id']])) { $savemsg = patch_test_apply($a_patches[$_GET['id']]) ? gettext("Patch can be applied cleanly") : gettext("Patch can NOT be applied cleanly"); diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index ffa2fe13..0d45ce92 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -86,7 +86,11 @@ if ($_POST) { $reqdfieldsn = array(gettext("Description"),gettext("URL/Commit ID")); } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!empty($_POST['location']) && !is_commit_id($_POST['location']) && !is_URL($_POST['location'])) { $input_errors[] = gettext("The supplied commit ID/URL appears to be invalid."); diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 2a986710..4883af15 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -41,7 +41,7 @@ else define('VARNISH_LOCALBASE','/usr/local'); -function varnish_settings_post_validate($post, $input_errors) { +function varnish_settings_post_validate($post, &$input_errors) { if( !is_numeric($post['storagesize'])) $input_errors[] = "A valid number is required for the field 'Storage size'"; if($post['listeningport'] && !is_numeric($post['listeningport'])) @@ -64,7 +64,7 @@ function varnish_settings_post_validate($post, $input_errors) { } -function varnish_lb_directors_post_validate($post, $input_errors) { +function varnish_lb_directors_post_validate($post, &$input_errors) { if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])){ $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; } @@ -78,7 +78,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Req grace'"; } -function varnish_backends_post_validate($post, $input_errors) { +function varnish_backends_post_validate($post, &$input_errors) { if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname'])) $input_errors[] = "The backend name must only contain the characters a-Z or 0-9"; if(!is_ipaddr($post['ipaddress'])) diff --git a/config/varnish3/varnish_backends.xml b/config/varnish3/varnish_backends.xml index b2214772..1bcb822c 100644 --- a/config/varnish3/varnish_backends.xml +++ b/config/varnish3/varnish_backends.xml @@ -305,6 +305,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_backends_post_validate($_POST, &$input_errors); + varnish_backends_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish3/varnish_lb_directors.xml b/config/varnish3/varnish_lb_directors.xml index b2a19ac3..1946860c 100644 --- a/config/varnish3/varnish_lb_directors.xml +++ b/config/varnish3/varnish_lb_directors.xml @@ -273,6 +273,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_lb_directors_post_validate($_POST, &$input_errors); + varnish_lb_directors_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish3/varnish_settings.xml b/config/varnish3/varnish_settings.xml index bbb8d321..a5ff5ef9 100644 --- a/config/varnish3/varnish_settings.xml +++ b/config/varnish3/varnish_settings.xml @@ -280,6 +280,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_settings_post_validate($_POST, &$input_errors); + varnish_settings_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc index ec7ef0c4..88ad32fa 100644 --- a/config/varnish64/varnish.inc +++ b/config/varnish64/varnish.inc @@ -33,7 +33,7 @@ */ /* ========================================================================== */ -function varnish_settings_post_validate($post, $input_errors) { +function varnish_settings_post_validate($post, &$input_errors) { if($post['storagesize'] && !is_numeric($post['storagesize'])) $input_errors[] = "A valid number is required for the field 'Storage size'"; if($post['listeningport'] && !is_numeric($post['listeningport'])) @@ -56,7 +56,7 @@ function varnish_settings_post_validate($post, $input_errors) { } -function varnish_lb_directors_post_validate($post, $input_errors) { +function varnish_lb_directors_post_validate($post, &$input_errors) { if (preg_match("/[^a-zA-Z0-9]/", $post['directorname'])) $input_errors[] = "The directorname name must only contain the characters a-Z or 0-9"; if(stristr($post['directorurl'], 'http')) @@ -65,7 +65,7 @@ function varnish_lb_directors_post_validate($post, $input_errors) { $input_errors[] = "A valid number with a time reference is required for the field 'Req grace'"; } -function varnish_backends_post_validate($post, $input_errors) { +function varnish_backends_post_validate($post, &$input_errors) { if (!$post['backendname'] || preg_match("/[^a-zA-Z0-9]/", $post['backendname'])) $input_errors[] = "The backend name must only contain the characters a-Z or 0-9"; if(!is_ipaddr($post['ipaddress'])) diff --git a/config/varnish64/varnish_backends.xml b/config/varnish64/varnish_backends.xml index fa549063..1684727c 100644 --- a/config/varnish64/varnish_backends.xml +++ b/config/varnish64/varnish_backends.xml @@ -281,6 +281,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_backends_post_validate($_POST, &$input_errors); + varnish_backends_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui> diff --git a/config/varnish64/varnish_lb_directors.xml b/config/varnish64/varnish_lb_directors.xml index e7a442ab..f61d66cb 100644 --- a/config/varnish64/varnish_lb_directors.xml +++ b/config/varnish64/varnish_lb_directors.xml @@ -275,6 +275,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_lb_directors_post_validate($_POST, &$input_errors); + varnish_lb_directors_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/varnish64/varnish_settings.xml b/config/varnish64/varnish_settings.xml index 0576caad..f5a8bdcd 100644 --- a/config/varnish64/varnish_settings.xml +++ b/config/varnish64/varnish_settings.xml @@ -279,6 +279,6 @@ varnish_start(); </custom_php_resync_config_command> <custom_php_validation_command> - varnish_settings_post_validate($_POST, &$input_errors); + varnish_settings_post_validate($_POST, $input_errors); </custom_php_validation_command> </packagegui>
\ No newline at end of file diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 24b7bd01..57ef7be3 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -41,7 +41,7 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.8_1</version> + <version>0.8.1</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> @@ -172,7 +172,7 @@ <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_zabbix2_agent();</custom_php_deinstall_command> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index ebcb5bb0..b51d1d6b 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -41,7 +41,7 @@ <name>zabbixproxy</name> <title>Services: Zabbix-2 Proxy</title> <category>Monitoring</category> - <version>0.8_1</version> + <version>0.8.1</version> <include_file>/usr/local/pkg/zabbix2.inc</include_file> <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> <delete_string>Zabbix Proxy has been deleted.</delete_string> @@ -143,7 +143,7 @@ <custom_php_command_before_form></custom_php_command_before_form> <custom_php_after_head_command></custom_php_after_head_command> <custom_php_after_form_command></custom_php_after_form_command> - <custom_php_validation_command>validate_input_zabbix2($_POST, &$input_errors);</custom_php_validation_command> + <custom_php_validation_command>validate_input_zabbix2($_POST, $input_errors);</custom_php_validation_command> <custom_add_php_command></custom_add_php_command> <custom_php_resync_config_command>sync_package_zabbix2();</custom_php_resync_config_command> <custom_php_deinstall_command>php_deinstall_zabbix2_proxy();</custom_php_deinstall_command> diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2.inc index bf9c6606..c2ff4244 100644 --- a/config/zabbix2/zabbix2.inc +++ b/config/zabbix2/zabbix2.inc @@ -99,7 +99,7 @@ function php_deinstall_zabbix2_proxy(){ conf_mount_ro(); } -function validate_input_zabbix2($post,&$input_errors){ +function validate_input_zabbix2($post, &$input_errors){ if (isset($post['proxyenabled'])){ if (!is_numericint($post['serverport'])) { |